My First Go with BloodHound
I finally had a chance to sit down and play with BloodHound. This was an item on my hacker todo list for awhile now. In
Agentless Post Exploitation
Agentless Post Exploitation is using system administration capabilities to meet post-exploitation objectives, without an agent on the target. It’s just evil system administration. This talk
What happened to my Kill Date?
Cobalt Strike 3.4 introduced a Kill Date feature. This is a date that Cobalt Strike embeds into each Beacon stage. If a Beacon artifact is
Why is rundll32.exe connecting to the internet?
Previously, I wrote a blog post to answer the question: why is notepad.exe connecting to the internet? This post was written in response to a generation
Who let the logs out? Woof.
Logging is an important feature in any red team operations platform. Logs serve multiple purposes. Good logs aid reporting. If an operator needs output for
Talk to your children about Payload Staging
Time to time, I find myself in an email exchange about payload security and payload staging. The payload security discussion revolves around Beacon’s security features.
What is a stageless payload artifact?
I’ve had a few questions about Cobalt Strike’s stageless payloads and how these compare to other payload varieties. In this blog post, I’ll explain stageless
HOWTO: Port Forwards through a SOCKS proxy
Recently, I’ve had multiple people ask about port forwards with Cobalt Strike’s Beacon payload. Beacon has had SOCKS proxy pivoting support since June 2013. This feature
Pics or it didn’t happen…
One of the most important things in a red teamer’s job is evidence. If you can’t demonstrate impact and make a risk real, it’s as
Linux, Left out in the Cold?
I’ve had several folks ask about Linux targets with Cobalt Strike 3.0 and later. Beacon is a Windows-only payload. The big question becomes, how do