Modifying Metasploit’s Stager Shellcode
If you’ve ever had to change a module in the Metasploit Framework, you know the go to place is the modules/ directory off of the
Cobalt Strike 01.08.14 – EXE Artifacts: A New Hope
Cobalt Strike has always exposed the Metasploit Framework’s tool to generate executables. Unfortunately, these executables are caught by anti-virus products. I’ve had a lot of
Man-in-the-Browser Session Hijacking
Malware like Zeus and its variants inject themselves into a user’s browser to steal banking information. This is a man-in-the-browser attack. So-called, because the attacker
Why do I always use 32-bit payloads?
Yesterday, one of my customers asked about x64 payloads in Cobalt Strike. Specifically, he wanted to know why Cobalt Strike doesn’t expose them. I’ve already
Reverse Meterpreter Connect-backs through a Compromised Host
<update 03:30pm> I’ve had some feedback that this post describes a concept that is too basic to put into blog form. I can see where this
Cobalt Strike 1.48 – Peer-to-peer C&C
I’m pleased to announce Cobalt Strike 1.48. This release introduces a peer-to-peer data channel for Beacon, improves browser pivoting, and updates the signed applet attack with
Evade Egress Restrictions with Staged Payloads
Sometimes, it’s easy to get code execution in a network, but very difficult to egress out of it. When you are an external actor trying
Getting the Most from Armitage’s Console
I have a philosophy. Armitage should make common actions simple and efficient. As soon as you need to break away into an uncommon action, use
The ACE Problem Solving Method (I use this)
The reason I’m in security today is because of the US Air Force’s Advanced Course in Engineering Cyber Security internship program. I turned down an internship at
Browser Pivoting (Get past two-factor auth)
Several months ago, I was asked if I had a way to get past two-factor authentication on web applications. Criminals do it, but penetration testers