User-driven Attacks
A user-driven attack is an attack that relies on a feature to get code execution. Most penetration testers I know rely on user-driven attacks over
Cobalt Strike 2.1 – I have the POWER(shell)
For a long time, I’ve wanted the ability to use PowerUp, Veil PowerView, and PowerSploit with Cobalt Strike. These are useful post-exploitation capabilities written in
Why can’t I psexec with EXE::Custom?
Seasoned Metasploit Framework users know that it’s a bad idea to let the framework generate an executable for you. The framework’s encoders are not a
That was a fun fire drill…
Last week saw the release of Metasploit 4.10. Those who use Armitage and Cobalt Strike noticed that neither tool worked after running msfupdate on Kali
Connecting to a Metasploit RPC server on Windows is not supported
When a user launches Armitage or Cobalt Strike on Windows and presses Start MSF, they’re presented with a curious error. It states: You must connect
Meterpreter Kiwi Extension: Golden Ticket HOWTO
Mimikatz is a rapidly evolving post-exploitation toolkit by Benjamin Delpy. I call it a post-exploitation toolkit because it has a lot of features, far beyond
What happens when I type getsystem?
Meterpreter’s getsystem command is taken for granted. Type getsystem and magically Meterpreter elevates you from a local administrator to the SYSTEM user. What’s really happening
Listeners: Cobalt Strike’s Glue Feature
Listeners are Cobalt Strike’s abstraction in front of the Metasploit Framework’s payload handlers. A handler is the exploit/multi/handler module. This module sets up a server that
Modifying Metasploit’s Stager Shellcode
If you’ve ever had to change a module in the Metasploit Framework, you know the go to place is the modules/ directory off of the
Cobalt Strike 01.08.14 – EXE Artifacts: A New Hope
Cobalt Strike has always exposed the Metasploit Framework’s tool to generate executables. Unfortunately, these executables are caught by anti-virus products. I’ve had a lot of