HOWTO: Reset Your Cobalt Strike License Key
Time to time, I hand out Cobalt Strike license keys to non-customers. Sometimes these are to support an event (e.g., the National CCDC Red Team).
Who let the logs out? Woof.
Logging is an important feature in any red team operations platform. Logs serve multiple purposes. Good logs aid reporting. If an operator needs output for
HOWTO: Port Forwards through a SOCKS proxy
Recently, I’ve had multiple people ask about port forwards with Cobalt Strike’s Beacon payload. Beacon has had SOCKS proxy pivoting support since June 2013. This feature
Cobalt Strike 3.3 – Now with less PowerShell.exe
The fourth release in the Cobalt Strike 3.x series is now available. There’s some really good stuff here. I think you’ll like it. Unmanaged PowerShell
User Exploitation at Scale
Some hackers only think about access. It’s the precious. How to get that first shell? I don’t care too much about this. I’m concerned about
Pics or it didn’t happen…
One of the most important things in a red teamer’s job is evidence. If you can’t demonstrate impact and make a risk real, it’s as
Linux, Left out in the Cold?
I’ve had several folks ask about Linux targets with Cobalt Strike 3.0 and later. Beacon is a Windows-only payload. The big question becomes, how do
A History of Cobalt Strike in Training Courses
In 2011, I was invited to Austin, TX by the local ISSA and OWASP chapters to teach a class on Armitage and the Metasploit Framework.
Cobalt Strike Tips for 2016 CCDC Red Teams
It’s CCDC season again. CCDC is the National Collegiate Cyber Defense Competition. Teams of students in 10 regions run simulated business networks and defend against red
The Threat Emulation Problem
There are a lot of people who talk about threat emulation. Use our super-duper-elitesy-neatsy-malware to emulate these tactics in your network. I say stuff like