Cobalt Strike 02.27.14 – Details Matter
Cobalt Strike 1.48 (02.27.14) is now available. This release is the byproduct of a very intense development cycle. The theme of this release is: details
Man-in-the-Browser Session Hijacking
Malware like Zeus and its variants inject themselves into a user’s browser to steal banking information. This is a man-in-the-browser attack. So-called, because the attacker
Cobalt Strike 1.48 – Peer-to-peer C&C
Iām pleased to announce Cobalt Strike 1.48. This release introduces a peer-to-peer data channel for Beacon, improves browser pivoting, and updates the signed applet attack with
Armitage and Cobalt Strike 1.47 Released
Armitage and Cobalt Strike 1.47 are now available. This release improves many aspects of the workflow in both Armitage and Cobalt Strike. Here are some
Phishing System Profiles without Phone Calls
What type of reconnaissance do you do before a phishing attack? Recently, I was having dinner with new friends and inevitably, our conversation became a
DNS Command and Control Added to Cobalt Strike
Many networks are like sieves. A reverse TCP payload or an HTTP/S connection is all it takes to get out. Once in a while, you
Cobalt Strike Boxed Set comes to ShmooCon
It’s the middle of February, love is in the air, and… I’m busy preparing for my favorite hacker conference ShmooCon. This year, for the second
Two Years of Fast and Easy Hacking
Today marks the two-year anniversary of the release of Armitage. My goal was to create a collaboration tool for exercise red teams. I wanted to show
Advanced Threat Tactics Training
I share a lot from my experiences playing on exercise red teams. I talk about the tactics to collaborate, persist on systems, and challenge network defenders
Dirty Red Team Tricks II at Derbycon 2.0
Last year, I spoke on Dirty Red Team Tricks at Derbycon. This talk was a chance to share what I had used at the Collegiate