Who let the logs out? Woof.
Logging is an important feature in any red team operations platform. Logs serve multiple purposes. Good logs aid reporting. If an operator needs output for
Session Passing from Cobalt Strike
Session passing is using one payload to spawn another payload. Sometimes, the payloads are from the same toolset. Other times, they’re not. Session passing options
HOWTO: Port Forwards through a SOCKS proxy
Recently, I’ve had multiple people ask about port forwards with Cobalt Strike’s Beacon payload. Beacon has had SOCKS proxy pivoting support since June 2013. This feature
Pics or it didn’t happen…
One of the most important things in a red teamer’s job is evidence. If you can’t demonstrate impact and make a risk real, it’s as
Linux, Left out in the Cold?
I’ve had several folks ask about Linux targets with Cobalt Strike 3.0 and later. Beacon is a Windows-only payload. The big question becomes, how do
A History of Cobalt Strike in Training Courses
In 2011, I was invited to Austin, TX by the local ISSA and OWASP chapters to teach a class on Armitage and the Metasploit Framework.
Cobalt Strike Tips for 2016 CCDC Red Teams
It’s CCDC season again. CCDC is the National Collegiate Cyber Defense Competition. Teams of students in 10 regions run simulated business networks and defend against red
The Threat Emulation Problem
There are a lot of people who talk about threat emulation. Use our super-duper-elitesy-neatsy-malware to emulate these tactics in your network. I say stuff like
Real-Time Feed of Red Team Activity
There are several research projects to collect raw data from red team activity, process this data, and try to turn it into information. In this
Interoperability with the Metasploit Framework
Cobalt Strike 3.0 is a stand-alone platform for Adversary Simulations and Red Team Operations. It doesn’t depend on the Metasploit Framework. That said, the Metasploit