Revisiting the User-Defined Reflective Loader Part 2: Obfuscation and Masking

This is the second installment in a series revisiting the User-Defined Reflective Loader (UDRL). In part one, we aimed to simplify the development and debugging of custom loaders and introduced the User-Defined Reflective Loader Visual Studio (UDRL-VS) template. In this installment, we’ll build upon the original UDRL-VS loader and explore how to apply our own […]


Core Impact Datasheet

Core Impact uses the same techniques as today’s threat actors to efficiently test the security of an IT infrastructure to help minimize risk and protect valuable assets. With the help of guided automations, organizations can discover, test, and report in just a few simple steps. Simple Enough for Your First Test, Powerful Enough for the […]


Simplifying BOF Development: Debug, Test, and Save Your B(e)acon 

Beacon Object Files (BOFs) were introduced in Cobalt Strike 4.1 in 2020. Since their release, BOFs have played a key role in post-exploitation activities, surpassing Reflective DLLs, .NET assemblies, and PowerShell scripts. However, in our experience, many developers struggle with four primary pain points: In this blog post, we will tackle these difficulties by introducing […]


Cobalt Strike and Outflank Security Tooling: Friends in Evasive Places

This is a joint blog written by the Cobalt Strike and Outflank teams. It is also available on the Outflank site. Over the past few months there has been increasing collaboration and knowledge sharing internally between the Cobalt Strike and Outflank R&D teams. We are excited about the innovation opportunities made possible by this teamwork and […]


Advanced Red Team Bundle Datasheet

Core Impact, Cobalt Strike, and Outflank Security Tooling (OST) are three powerful security solutions that use the same techniques as today’s threat actors in order to safely evaluate organizational infrastructures and provide guidance on closing security gaps, enhancing defenses, and creating more resilient security strategies. Core Impact is an automated penetration testing tool, typically used for exploitation and […]


Red Team Bundle Datasheet

Cobalt Strike and Outflank Security Tooling (OST) are two elite red teaming solutions ideal for assessing the security posture of an organization by deploying sophisticated adversary simulations. Cobalt Strike is a threat emulation tool that provides a post-exploitation agent and covert channels, replicating the tactics and techniques of an advanced adversary in a network. OST is a curated […]


Cobalt Strike Introduction and Demo

Cobalt Strike helps organizations conduct advanced adversary simulations and Red Team engagements with ease, allowing your organization to effectively measure your security operations program and incident response capabilities. This on-demand Cobalt Strike demo includes a guided walkthrough of using Cobalt Strike in a small cyber range. The demo touches on several security topics to help […]


Cobalt Strike and YARA: Can I Have Your Signature?

Over the past few years, there has been a massive proliferation of YARA signatures for Beacon. We know from conversations with our customers that this has become problematic when using Cobalt Strike for red team engagements and that there has been some confusion over how Cobalt Strike’s malleable C2 options can help. Therefore, this blog […]


Stopping Cybercriminals From Abusing Security Tools 

Microsoft’s Digital Crimes Unit (DCU), cybersecurity software company Fortra™ and Health Information Sharing and Analysis Center (Health-ISAC) are taking technical and legal action to disrupt cracked, legacy copies of Cobalt Strike and abused Microsoft software, which have been used by cybercriminals to distribute malware, including ransomware. This is a change in the way DCU has […]
