Blog The First Five Minutes March and April are CCDC season. This is the time of the year when teams of college students get to compete against each other as
Blog Scripting Beacons and Deploying Persistence One common Cobalt Strike feature request is an API to script the Beacon payload. Doing this right is a big project and it requires some
Blog My Favorite PowerShell Post-Exploitation Tools PowerShell became a key part of my red team toolkit in 2014. Cobalt Strike 2.1 added PowerShell support to the Beacon payload and this has made
Blog Another Night, Another Actor Earlier last year, I had a frantic call from a customer. They needed to make a small change to Beacon’s communication pattern and quickly. This
Blog DNS Communication is a Gimmick I added DNS Communication to Cobalt Strike in June 2013 and refined it further in July 2013. On sales calls and at conferences I get
Blog How I tunnel Meterpreter through Beacon I write so many blog posts about Beacon, I should just give up and call this the Beacon blog. Beacon is Cobalt Strike’s post-exploitation agent
Blog Cobalt Strike 2.3 – I’ve always wanted runas Cobalt Strike 2.3 is now available. This release adds a runas command to Beacon. This command allows you to specify a username and password for any
Blog Pass-the-(Golden)-Ticket with WMIC One of my favorite blog posts from last year was the Adversary Tricks and Treats post from CrowdStrike. They showed how one of the actors
Blog What’s the go-to phishing technique or exploit? This blog post is inspired by a question sent to a local mailing list. The original poster asks, what’s the go-to phishing technique or exploit
Blog When You Know Your Enemy TL;DR This is my opinion on Threat Intelligence: Automated Defense using Threat Intelligence feeds is (probably) rebranded anti-virus. Threat Intelligence offers benefit when used to