This blog post accompanies a new addition to the Arsenal Kit – The User-Defined Reflective Loader Visual Studio (UDRL-VS). Over the past few months, we have received a lot of feedback from our users that whilst the flexibility of the UDRL is great, there is not enough information/example code to get the most out of […]
Read More… from Revisiting the User-Defined Reflective Loader Part 1: Simplifying Development
Cobalt Strike 4.8 is now available. This release sees support for system calls, options to specify payload guardrails, a new token store, and more. We had originally planned to get this release out late in 2022 but progress was stymied due to the 4.7.1 and 4.7.2 patch releases that we had to put out to […]
This blog introduces a PoC technique for spoofing call stacks using timers. Prior to our implant sleeping, we can queue up timers to overwrite its call stack with a fake one and then restore the original before resuming execution. Hence, in the same way we can mask memory belonging to our implant during sleep, we […]
Read More… from Behind the Mask: Spoofing Call Stacks Dynamically with Timers
OST is a curated set of offensive security tools created by expert red teamers. Ideal for advanced security teams testing even mature and sensitive target environments, this toolkit covers every significant step in the attacker kill chain, from difficult stages such as initial access to final exfiltration. Prioritizing Stealth and Evasion One of the key […]
Cobalt Strike 4.7.2 is now available. This is an out of band update to fix a remote code execution vulnerability that is rooted in Java Swing but which can be exploited in Cobalt Strike. Remote Code Execution Vulnerability I’d like to start by giving credit to Rio Sherri (0x09AL) and Ruben Boonen (FuzzySec) from the […]
Cobalt Strike 4.7.1 is now available. This is an out of band update to fix an issue discovered in the 4.7 release that was reported to be impacting users, and for which there was no workaround. We also took the opportunity to address a vulnerability that was reported shortly after the 4.7 release, along with […]
Cobalt Strike 4.7 is now available. This release sees support for SOCKS5, new options to provide flexibility around how BOFs live in memory, updates to how Beacon sleeps and a number of other changes that have been requested by our users. We’ve also given the user interface a bit of a refresh (including support for […]
Read More… from Cobalt Strike 4.7: The 10th Anniversary Edition
A decade after its debut by founder Raphael Mudge, Cobalt Strike has become a favorite tool of cybersecurity experts in every industry for adversary simulation and Red Team engagements. With more members than ever, the Cobalt Strike team has expanded its efforts on research activities to further add features, enhance security, and fulfill customer requests. We’d like to […]
Read More… from Looking Back & Moving Forward: 10 Years of Cobalt Strike
Can you believe it? Cobalt Strike is 10 years old! Think back to the summer of 2012. The Olympics were taking place in London. CERN announced the discovery of a new particle. The Mars Rover, Curiosity, successfully landed on the red planet. And despite the numerous eschatological claims of the world ending by December, Raphael […]
Fortra Vulnerability Management (formerly Frontline VM™), Core Impact, and Cobalt Strike are three powerful security tools that evaluate the security of their environments in order to better identify security vulnerabilities and predict their potential impact. Though they all share the same goal of proactively assessing risk, they are still distinct tools with distinguishing features that […]