We’re often asked, “what does Cobalt Strike do?” In simple terms, Cobalt Strike is a post-exploitation framework for adversary simulations and Red Teaming to help measure your security operations program and incident response capabilities. Cobalt Strike provides a post-exploitation agent, Beacon, and covert channels to emulate a quiet long-term embedded actor in a network. If […]
CTA Type: Blog
TeamServer.prop
Following the 4.4 release, you may have noticed a warning message when starting your teamserver: The missing file is optional and its absence does not break the teamserver. It contains a number of optional parameters that can be used to customize the settings used to validate screenshot and keylog callback data, which allows you to […]
Introducing Cobalt Strike Community Kit
What is Community Kit? Cobalt Strike is a post-exploitation framework designed to be extended and customized by the user community. Several excellent tools and scripts have been written and published, but they can be challenging to locate. Community Kit is a central repository of extensions written by the user community to extend the capabilities of […]
Cobalt Strike 4.4: The One with the Reconnect Button
Cobalt Strike 4.4 is now available. This release puts more control into your hands, improves Cobalt Strike’s evasive qualities and addresses a number of smaller changes requested by our users… and yes! We’ve added a reconnect button! User Defined Reflective DLL Loader Cobalt Strike has a lot of flexibility in its Reflective Loading foundation but […]
Read More… from Cobalt Strike 4.4: The One with the Reconnect Button
Cobalt Strike DoS Vulnerability (CVE-2021-36798)
SentinelOne discovered a denial of service (DoS) vulnerability in Cobalt Strike. The bug (aka Hotcobalt) can cause a denial of service on a teamserver by using a fake beacon sending abnormally large screenshots. This bug has been fixed in Cobalt Strike 4.4 Consider mitigating this risk to a teamserver by hardening your C2 infrastructure. Thank you, […]
Read More… from Cobalt Strike DoS Vulnerability (CVE-2021-36798)
Introducing Mimikatz Kit
You can now update Mimikatz between Cobalt Strike releases. Updates will periodically be made available to licensed users via the Arsenal as the Mimikatz Kit. Usage: Download and extract the .tgz from the Arsenal (Note: The version uses the Mimikatz release version naming (i.e., 2.2.0.20210724) Load the mimikatz.cna aggressor script Use mimikatz functions as normal […]
CredBandit (In memory BOF MiniDump) – Tool review – Part 1
One of the things I find fascinating about being on the Cobalt Strike team is the community. It is amazing to see how people overcome unique challenges and push the tool in directions never considered. I want explore this with CredBandit (https://github.com/xforcered/CredBandit). This tool has had updates since I started exploring. I’m specifically, looking at […]
Read More… from CredBandit (In memory BOF MiniDump) – Tool review – Part 1
New home for Cobalt Strike malleable c2 profiles and scripts
The Cobalt Strike references (malleable c2 profiles, scripts, Elevate Kit, etc.) have been consolidated under a new GitHub account. https://github.com/cobalt-strike We understand that many blog posts (and even our documentation) have references to the original links. The original links will be available for the time being but may not be in the future. Update your […]
Read More… from New home for Cobalt Strike malleable c2 profiles and scripts
Create listeners with an aggressor script – listener_create_ext
This short post is a follow up to the post “Manage Cobalt Strike with Services” where I described a method to automate Cobalt Strike teamservers by creating services. In this post, I will take a closer look at the aggressor function that is used to create listeners listener_create_ext to expanded on the documentation and provide an […]
Read More… from Create listeners with an aggressor script – listener_create_ext
Manage Cobalt Strike with Services
This post is part of a “Quality of Life” series, where tips and tricks will be shared to make using Cobalt Stike easier. Cobalt Strike is a post-exploitation framework and requires customization to meet your specific needs. This flexibility is one of the most powerful features of Cobalt Strike. While this is great, some may […]