I spent a little time looking into Salesforce’s JARM tool released in November. JARM is an active tool to probe the TLS/SSL stack of a listening internet application and generate a hash that’s unique to that specific TLS/SSL stack. One of the initial JARM fingerprints of interest relates to Cobalt Strike. The value associated with Cobalt […]
verify.cobaltstrike.com outage summary
Cobalt Strike’s update process was degraded due to a data center outage that affected https://verify.cobaltstrike.com. The verify server is back up and the functionality of our update process is restored. Here’s the timeline of the incident: November 10, 2020 – 5:15pm EST The Cobalt Strike update process is degraded. You may still download and update […]
Cobalt Strike 4.2 – Everything but the kitchen sink
Cobalt Strike 4.2 is now available. This release overhauls our user exploitation features, adds more memory flexibility options to Beacon, adds more behavior flexibility to our post-exploitation features, and makes some nice changes to Malleable C2 too. User Exploitation Redux Cobalt Strike’s screenshot tool and keystroke logger are examples of user exploitation tools. These capabilities are […]
Beacon Object File ADVENTURES: Some Zerologon, SMBGhost, and Situational Awareness
Cobalt Strike can use PowerShell, .NET, and Reflective DLLs for its post-exploitation features. This is the weaponization problem set. How to take things, developed outside the tool, and create a path to use them in the tool. One of the newest weaponization options in Cobalt Strike is Beacon Object Files. A Beacon Object File is […]
Cobalt Strike 4.1 – The Mark of Injection
Cobalt Strike 4.1 is now available. This release introduces a new way to build post-ex tools that work with Beacon, pushes back on a generic shellcode detection strategy, and grants added protocol flexibility to the TCP and named pipe Beacons. Beacon Object Files Cobalt Strike has weaponization options for PowerShell, .NET, and Reflective DLLs. These […]
SSL certificate verification for failed
TL;DR a certificate for part of the Cobalt Strike update infrastructure changed. Download the 20200511 distribution package to avoid certificate verification errors. If you recently ran the Cobalt Strike update program (version 20191204), you may see a nice message about the failed SSL certificate verification for verify.cobaltstrike.com: verify.cobaltstrike.com hosts a text file with SHA256 hashes […]
Cobalt Strike joins Core Impact at HelpSystems, LLC (now Fortra)
I founded Strategic Cyber LLC in 2012 to advocate a vision of threat-representative security testing. Over time, Cobalt Strike became the de facto commercial standard for red team operations and adversary simulations. I’ve long asked myself, how do I stay a good partner to my customers as their numbers grow and this field evolves? Today is a […]
Cobalt Strike 4.0 – Bring Your Own Weaponization
Cobalt Strike 4.0 is now available. This release improves Cobalt Strike’s distributed operations model, revises post-exploitation workflows to drop some historical baggage, and adds “Bring Your Own Weaponization” workflows for privilege escalation and lateral movement. A Vision for Red Team Server Consolidation Cobalt Strike’s model for distributed operations (2013!) is to stand up a new server for […]
Cobalt Strike’s Process Injection: The Details
Cobalt Strike 3.14 finally delivered some of the process injection flexibility I’ve long wanted to see in the product. In this post, I’d like to write about my thoughts on process injection, and share a few details on how Cobalt Strike’s implementation(s) work. Along the way, I will share details about which methods you might […]
That time a printer tried to get Cobalt Strike
I’m sometimes asked: “Raphael, what does Strategic Cyber LLC do to control Cobalt Strike?” That’s the subject of this blog post. What is Cobalt Strike? The textbook answer is that Cobalt Strike is a platform for red team operations and adversary simulations. In the right hands, Cobalt Strike empowers security professionals and enables better security […]