This blog post is a fast overview of Cobalt Strike. I assume that you are familiar with Meterpreter, Mimikatz, and make use of Offensive PowerShell in your work. This post does not replace the documentation or videos, but it’s a quick way to become familiar with Cobalt Strike concepts that are not immediately obvious. Starting Cobalt […]
CTA Type: Resource
Cobalt Strike 3.3 – Now with less PowerShell.exe
The fourth release in the Cobalt Strike 3.x series is now available. There’s some really good stuff here. I think you’ll like it. Unmanaged PowerShell How do you get your PowerShell scripts on target, run them, and get output back? This is the PowerShell weaponization problem. It’s unintuitively painful to solve in an OPSEC-friendly way […]
Read More… from Cobalt Strike 3.3 – Now with less PowerShell.exe
User Exploitation at Scale
Some hackers only think about access. It’s the precious. How to get that first shell? I don’t care too much about this. I’m concerned about the problems that come from having a lot of accesses. One of these problems has to do with user exploitation. If you have access to 50 or more systems at […]
Aggressor Script’s Secret mIRC Scripting Past
Aggressor Script is the scripting engine in Cobalt Strike 3.0 and later. If you want to learn more about it, I recommend reading the documentation. In this blog post, I’ll provide some history around Aggressor Script so you can better understand it and where it comes from. The mIRC Factor mIRC is a popular client for […]
Read More… from Aggressor Script’s Secret mIRC Scripting Past
Pics or it didn’t happen…
One of the most important things in a red teamer’s job is evidence. If you can’t demonstrate impact and make a risk real, it’s as if you didn’t find the problem. Screenshots go a long way towards this. Cobalt Strike has several options to capture screenshots during your engagement. In this post, I’ll quickly take […]
Linux, Left out in the Cold?
I’ve had several folks ask about Linux targets with Cobalt Strike 3.0 and later. Beacon is a Windows-only payload. The big question becomes, how do you use Cobalt Strike to operate against Linux, BSD, and other UNIX flavored targets? Cobalt Strike is not the master unified interface for all hacking tasks. Rather, Cobalt Strike is […]
My Cobalt Strike Scripts from NECCDC
I just returned from the North East Collegiate Cyber Defense Competition event at the University of Maine. A big congratulations to the winners, Northeastern University, who will go on to represent the North East region at the National event in April. The more I use Cobalt Strike 3.x, the more I appreciate Aggressor Script. Aggressor […]
Cobalt Strike 3.2 – The Inevitable x64 Beacon
Cobalt Strike 3.2, the third release in the 3.x series, is now available. The 3.2 release focuses on fixes and improvements across the Cobalt Strike product. x64 Beacon Cobalt Strike’s x86 Beacon plays pretty well in an x64 world. You can inject the keystroke logger and screenshot tools into 64-bit processes. If you run mimikatz […]
Read More… from Cobalt Strike 3.2 – The Inevitable x64 Beacon
A History of Cobalt Strike in Training Courses
In 2011, I was invited to Austin, TX by the local ISSA and OWASP chapters to teach a class on Armitage and the Metasploit Framework. I think we had 90 students. I remember the pain of burning DVDs in preparation for this class. Myself and two of the organizers agreed to split the DVD burning […]
Read More… from A History of Cobalt Strike in Training Courses
Cobalt Strike Tips for 2016 CCDC Red Teams
It’s CCDC season again. CCDC is the National Collegiate Cyber Defense Competition. Teams of students in 10 regions run simulated business networks and defend against red team attacks. The winners of these regional events square off at the National CCDC in San Antonio, TX. Strategic Cyber LLC is making Cobalt Strike available to the red teams at the regional and […]