Cobalt Strike 3.5 is now available. This release adds an SSH client with a Beacon-like interface. This client allows you to conduct post-exploitation actions against UNIX targets from Cobalt Strike. In this post, I’ll take you through the specifics. The SSH Client Cobalt Strike’s SSH client is a Reflective DLL that receives tasks from and […]
Cornerstone: Development
HOWTO: Reset Your Cobalt Strike License Key
From time to time, I hand out Cobalt Strike license keys to non-customers. Sometimes these are to support an event (e.g., the National CCDC Red Team). Other times, these license keys allow a potential customer to evaluate Cobalt Strike without the deliberate tells present in the trial. Cobalt Strike’s license key is primarily used with the […]
Cobalt Strike 3.3 – Now with less PowerShell.exe
The fourth release in the Cobalt Strike 3.x series is now available. There’s some really good stuff here. I think you’ll like it. Unmanaged PowerShell How do you get your PowerShell scripts on target, run them, and get output back? This is the PowerShell weaponization problem. It’s unintuitively painful to solve in an OPSEC-friendly way […]
User Exploitation at Scale
Some hackers only think about access. It’s the precious. How to get that first shell? I don’t care too much about this. I’m concerned about the problems that come from having a lot of accesses. One of these problems has to do with user exploitation. If you have access to 50 or more systems at […]
A Quick Guide to Bug Reports
One of the hardest parts of being a developer is working with bug reports and support requests disguised as bug reports. Some people write very good bug reports. These reports give me the information I need to reproduce the problem and advise from there. Others offer a vague description of their problem with no context. […]
Connection Refused Error in Cobalt Strike
I’ve had several folks write to me asking about the Connection Refused error when they try to use Cobalt Strike. This one: Cobalt Strike 3.0 requires you to start a team server before you attempt to connect a client to it. If you connect a client to 127.0.0.1 and no server is present, you will […]
Named Pipe Pivoting
One of my favorite features in Cobalt Strike is its ability to pivot over named pipes. A named pipe is a way for two programs on a Windows system to communicate with each other. From a programming perspective, working with a named pipe is a lot like working with a file. I use named pipes […]
Cobalt Strike 2.5 – Advanced Pivoting
I spend a lot of my red time in the Access Manager role. This is the person on a red team who manages callbacks for the red cell. Sometimes, I like to grab a Beacon and drive around a network. It’s important to get out once in a while and enjoy what’s there. Cobalt Strike […]
Cobalt Strike 2.4 – A Pittance for Post-Exploitation
Cobalt Strike 2.4 is now available. If you use Beacon for post-exploitation, you’ll find a lot to like in this release. Here are the highlights: Post-Exploitation Jobs Beacon now supports long-running jobs. These are post-exploitation tasks that live in other processes and report information to Beacon as it becomes available. Beacon’s keystroke logger was rewritten to take advantage […]
Cobalt Strike 2.3 – I’ve always wanted runas
Cobalt Strike 2.3 is now available. This release adds a runas command to Beacon. This command allows you to specify a username and password for any user and run a command as them. Useful for situations where you know credentials for an admin and want to use them to elevate. Care to know the alternative? Shell Escalation using […]