Cobalt Strike 03.13.14 – NECCDC Edition
I’m writing this from a New Hampshire Bed and Breakfast where I’ve apparently received the Jacuzzi suite. I’m here for a romantic weekend running psexec
CCDC Red Teams: Ten Tips to Maximize Success
The CCDC season is upon us. This is the time of year when professionals with many years of industry experience “volunteer” to hack against college
Cobalt Strike 02.27.14 – Details Matter
Cobalt Strike 1.48 (02.27.14) is now available. This release is the byproduct of a very intense development cycle. The theme of this release is: details
Why I give all of my training material away—for free
I’m the developer of a commercial penetration testing product, Cobalt Strike. People are often amazed that I have a free 9-part Penetration Testing course on
Obituary: Java Self-Signed Applet (Age: 1.7u51)
The Java Signed Applet Attack is a staple social engineering option. This attack presents the user with a signed Java Applet. If the user allows
Cloud-based Redirectors for Distributed Hacking
A common trait among persistent attackers is their distributed infrastructure. A serious attacker doesn’t use one system to launch attacks and catch shells from. Rather,
Cobalt Strike 01.08.14 – EXE Artifacts: A New Hope
Cobalt Strike has always exposed the Metasploit Framework’s tool to generate executables. Unfortunately, these executables are caught by anti-virus products. I’ve had a lot of
Man-in-the-Browser Session Hijacking
Malware like Zeus and its variants inject themselves into a user’s browser to steal banking information. This is a man-in-the-browser attack. So-called, because the attacker
Why do I always use 32-bit payloads?
Yesterday, one of my customers asked about x64 payloads in Cobalt Strike. Specifically, he wanted to know why Cobalt Strike doesn’t expose them. I’ve already
Cobalt Strike 1.48 – Peer-to-peer C&C
I’m pleased to announce Cobalt Strike 1.48. This release introduces a peer-to-peer data channel for Beacon, improves browser pivoting, and updates the signed applet attack with