Blog: User-defined Storage-based Covert Communication
One of my favorite Cobalt Strike technologies is Malleable C2. This is a domain-specific language for user-defined storage-based covert communication. That’s just a fancy

Blog: So, you won a regional and you’re headed to National CCDC
The 2015 National CCDC season started with 100+ teams across 10 regions. Now, there are 10 teams left and they’re headed to the National CCDC

Blog: Reverse Port Forward through a SOCKS Proxy
I had a friend come to me with an interesting problem. He had to get a server to make an outbound connection and evade some

Blog: Training Recommendations for Threat Emulation and Red Teaming
A few weeks ago, I had someone write and ask which training courses I would recommend to help set up a successful Red Team program. If

Blog: The First Five Minutes
March and April are CCDC season. This is the time of the year when teams of college students get to compete against each other as

Blog: Scripting Beacons and Deploying Persistence
One common Cobalt Strike feature request is an API to script the Beacon payload. Doing this right is a big project and it requires some

Blog: My Favorite PowerShell Post-Exploitation Tools
PowerShell became a key part of my red team toolkit in 2014. Cobalt Strike 2.1 added PowerShell support to the Beacon payload and this has made

Blog: Another Night, Another Actor
Earlier last year, I had a frantic call from a customer. They needed to make a small change to Beacon’s communication pattern and quickly. This

Blog: DNS Communication is a Gimmick
I added DNS Communication to Cobalt Strike in June 2013 and refined it further in July 2013. On sales calls and at conferences I get

Blog: How I tunnel Meterpreter through Beacon
I write so many blog posts about Beacon, I should just give up and call this the Beacon blog. Beacon is Cobalt Strike’s post-exploitation agent