CTA Type: Blog

Cobalt Strike Sleep Python Bridge

Posted on

This project started after seeing how the user community tweaks and tunes Cobalt Strike. I was inspired by @BinaryFaultline and @Mcgigglez16 in their project https://github.com/emcghee/PayloadAutomation and blog post http://blog.redxorblue.com/2021/06/introducing-striker-and-payload.html. They created a clever way to interact with a teamserver without the GUI. Before I get too far, I’ll touch on Aggressor scripting and the Sleep […]

Read More… from Cobalt Strike Sleep Python Bridge

How to Extend Your Reach with Cobalt Strike 

Posted on

We’re often asked, “what does Cobalt Strike do?” In simple terms, Cobalt Strike is a post-exploitation framework for adversary simulations and Red Teaming to help measure your security operations program and incident response capabilities. Cobalt Strike provides a post-exploitation agent, Beacon, and covert channels to emulate a quiet long-term embedded actor in a network.   If […]

Read More… from How to Extend Your Reach with Cobalt Strike 

TeamServer.prop

Posted on

Following the 4.4 release, you may have noticed a warning message when starting your teamserver: The missing file is optional and its absence does not break the teamserver. It contains a number of optional parameters that can be used to customize the settings used to validate screenshot and keylog callback data, which allows you to […]

Read More… from TeamServer.prop

Cobalt Strike 4.4: The One with the Reconnect Button

Posted on

Cobalt Strike 4.4 is now available. This release puts more control into your hands, improves Cobalt Strike’s evasive qualities and addresses a number of smaller changes requested by our users… and yes! We’ve added a reconnect button! User Defined Reflective DLL Loader Cobalt Strike has a lot of flexibility in its Reflective Loading foundation but […]

Read More… from Cobalt Strike 4.4: The One with the Reconnect Button

Cobalt Strike DoS Vulnerability (CVE-2021-36798)

Posted on

SentinelOne discovered a denial of service (DoS) vulnerability in Cobalt Strike. The bug (aka Hotcobalt) can cause a denial of service on a teamserver by using a fake beacon sending abnormally large screenshots. This bug has been fixed in Cobalt Strike 4.4 Consider mitigating this risk to a teamserver by hardening your C2 infrastructure. Thank you, […]

Read More… from Cobalt Strike DoS Vulnerability (CVE-2021-36798)

Introducing Mimikatz Kit

Posted on

You can now update Mimikatz between Cobalt Strike releases. Updates will periodically be made available to licensed users via the Arsenal as the Mimikatz Kit. Usage: Download and extract the .tgz from the Arsenal (Note: The version uses the Mimikatz release version naming (i.e., 2.2.0.20210724) Load the mimikatz.cna aggressor script Use mimikatz functions as normal […]

Read More… from Introducing Mimikatz Kit

CredBandit (In memory BOF MiniDump) – Tool review – Part 1

Posted on

One of the things I find fascinating about being on the Cobalt Strike team is the community. It is amazing to see how people overcome unique challenges and push the tool in directions never considered. I want explore this with CredBandit (https://github.com/xforcered/CredBandit). This tool has had updates since I started exploring. I’m specifically, looking at […]

Read More… from CredBandit (In memory BOF MiniDump) – Tool review – Part 1

New home for Cobalt Strike malleable c2 profiles and scripts

Posted on

The Cobalt Strike references (malleable c2 profiles, scripts, Elevate Kit, etc.) have been consolidated under a new GitHub account. https://github.com/cobalt-strike We understand that many blog posts (and even our documentation) have references to the original links. The original links will be available for the time being but may not be in the future. Update your […]

Read More… from New home for Cobalt Strike malleable c2 profiles and scripts