Why do I always use 32-bit payloads?
Yesterday, one of my customers asked about x64 payloads in Cobalt Strike. Specifically, he wanted to know why Cobalt Strike doesn’t expose them. I’ve already
Stealthy Peer-to-peer C&C over SMB pipes
Beacon is my payload for low and slow control of a compromised system. Recently, I added peer-to-peer communication to Beacon. When two Beacons are linked,
Schtasks Persistence with PowerShell One Liners
One of my favorite Metasploit Framework modules is psh_web_delivery. You can find it in exploits -> windows -> misc. This module starts a local web
Tradecraft – Red Team Operations Course and Notes
A few days ago, I posted the YouTube playlist on Twitter and it’s made a few rounds. That’s great. This blog post properly introduces the
Email Delivery – What Pen Testers Should Know
I get a lot of questions about spear phishing. There’s a common myth that it’s easy to phish. Start a local mail server and have your hacking
Browser Pivoting (Get past two-factor auth)
Several months ago, I was asked if I had a way to get past two-factor authentication on web applications. Criminals do it, but penetration testers
What’s in a Team Server?
Clients (like Armitage) interface with the Metasploit Framework through its Remote API. The Remote API is a way for clients to call functions in the
Beacon – An Operator’s Guide
Beacon is a payload in Cobalt Strike that has a lot of communication flexibility. This blog post is not a replacement for the documentation, but rather
Phishing System Profiles without Phone Calls
What type of reconnaissance do you do before a phishing attack? Recently, I was having dinner with new friends and inevitably, our conversation became a
Hacking through a Straw (Pivoting over DNS)
Last month, I announced Beacon’s ability to control a host over DNS. I see Beacon as a low and slow lifeline to get an active session,