Cobalt Strike 02.27.14 – Details Matter
Cobalt Strike 1.48 (02.27.14) is now available. This release is the byproduct of a very intense development cycle. The theme of this release is: details
Four Levels of Hacking Sophistication with Beacon
Beacon is Cobalt Strike’s payload for red team actions. Beacon is a stable lifeline that can serve as a communication layer. Meterpreter is a fantastic post-exploitation agent
Man-in-the-Browser Session Hijacking
Malware like Zeus and its variants inject themselves into a user’s browser to steal banking information. This is a man-in-the-browser attack. So-called, because the attacker
Stealthy Peer-to-peer C&C over SMB pipes
Beacon is my payload for low and slow control of a compromised system. Recently, I added peer-to-peer communication to Beacon. When two Beacons are linked,
Cobalt Strike 1.48 – Peer-to-peer C&C
I’m pleased to announce Cobalt Strike 1.48. This release introduces a peer-to-peer data channel for Beacon, improves browser pivoting, and updates the signed applet attack with
Beacon – An Operator’s Guide
Beacon is a payload in Cobalt Strike that has a lot of communication flexibility. This blog post is not a replacement for the documentation, but rather
Armitage and Cobalt Strike 1.47 Released
Armitage and Cobalt Strike 1.47 are now available. This release improves many aspects of the workflow in both Armitage and Cobalt Strike. Here are some
Phishing System Profiles without Phone Calls
What type of reconnaissance do you do before a phishing attack? Recently, I was having dinner with new friends and inevitably, our conversation became a
Hacking through a Straw (Pivoting over DNS)
Last month, I announced Beacon’s ability to control a host over DNS. I see Beacon as a low and slow lifeline to get an active session,
That’ll never work–we don’t allow port 53 out
One of my favorite Cobalt Strike features is its ability to quietly manage a compromised system with DNS. Being rather proud of this feature, I