Last week saw the release of Metasploit 4.10. Those who use Armitage and Cobalt Strike noticed that neither tool worked after running msfupdate on Kali Linux. That’s resolved now. Last night, I pushed Armitage and Cobalt Strike updates to fix the database.yml not found issue AND to make both tools compatible with Metasploit 4.10’s new […]
Puttering my Panda and other Threat Replication Case Studies
Cobalt Strike 2.0 introduced Malleable C2, a technology to redefine network indicators in the Beacon payload. What does this mean for you? It means you can closely emulate an actor and test intrusion response during a penetration test. In this blog post, I’ll take you through three threat replication case studies with Cobalt Strike. In […]
Introducing Morning Catch – A Phishing Paradise
Morning Catch is a VMware virtual machine, similar to Metasploitable, to demonstrate and teach about targeted client-side attacks and post-exploitation. On this virtual machine, you will find: a website for a fictitious seafood company, self-contained email infrastructure to receive phishes, and two desktop environments. One desktop environment is a vulnerable Linux client-side attack surface. The […]
Pass-the-Golden-Ticket with Cobalt Strike’s Beacon
Back in May, I wrote up some impressions about Meterpreter’s Kiwi extension. It’s Mimikatz 2.0, complete with its ability to generate a Kerberos “Golden Ticket” with domain-admin rights offline. I’ve had a very positive experience with this capability since May. My best practice is to create a Golden Ticket catalog. When you capture a domain controller, […]
Use Cobalt Strike’s Beacon with Veil’s Evasion
The Veil Framework is a collection of red team tools, focused on evading detection. The Veil Evasion project is a tool to generate artifacts that get past anti-virus. It’s worth getting to know Veil. It has a lot of capability built into it. Cobalt Strike 2.0’s Payload Generator includes an option to output a Cobalt […]
Cobalt Strike 2.0 – Malleable Command and Control
I define threat replication as a penetration test that looks like an attack from an APT actor. Assessments that involve threat replication are more than a test of technical controls. Threat Replication is a full exercise of a customer’s analytical process and ability to attribute and respond to an APT. These definitions are all well […]
HTTP Proxy Authentication for Malware
I spend a lot of time thinking about what my tools can and can’t do. One of the weakest points for penetration testing tools is their (in-)ability to get past some egress restrictions. I previously wrote about why this is a problem and how you might get past different egress restrictions. My general advice is […]
The Access Management Team [Shell Sherpas]
When I participate in an exercise, with multiple target networks and a large red team, I favor splitting the team up into cells. Each cell owns a target network and is responsible for any objectives that must occur in that target network. These cells are supported by an access management team. The access management team […]
Cobalt Strike – Innovative Offense or “just a GUI”?
In June 2012, I announced Cobalt Strike to the world. Thanks to Cobalt Strike’s users, I build and research offensive technologies, full-time, and have done so for the past two years. In this post, I’d like to show what has come from these two years of user-funded work. The Big Ideas: Modeling Advanced Attackers with Beacon. The Beacon payload is THE threat emulation […]
The Beachhead
I see egress as one of the biggest pains in the offensive space. If your target has zero egress controls—don’t worry about anything I have to say here. If you’re up against a harder target, read on—I think I’m close to cracking this problem. You need different payloads for different phases of your engagement. I […]