Cobalt Strike Training Options

The Cobalt Strike training web page has been updated. https://www.cobaltstrike.com/training/ The training web page lists free courses created by the Cobalt Strike team that provide an overview of the product. It also lists courses offered by trusted 3rd parties. The 3rd party courses use Cobalt Strike to some degree and can be a great way […]

User Defined Reflective Loader (UDRL) Update in Cobalt Strike 4.5

The User Defined Reflective Loader was first introduced in Cobalt Strike 4.4 to allow the creation and use of a custom reflective loader. The community quickly adopted it and pushed its limits. Updates were made in 4.5 to help address some of these limits. Updates Increase size A new hook BEACON_DLL_SIZE was […]

Sleep Mask Update in Cobalt Strike 4.5

The sleep mask kit was first introduced in Cobalt Strike 4.4 to allow users to modify how the sleep mask function looks in memory in order to defeat static signatures that identified Beacon. The community quickly adopted it and pushed its limits. Updates were made in 4.5 to help address some of these limits. Licensed users can download the updated kit from […]

A deeper look into the Max Retry Strategy option

A complementary strategy to the Host Rotation Strategy was introduced to Cobalt Strike 4.5. The max retry strategy was added to HTTP, HTTPS, and DNS beacon listeners. A max retry strategy allows a beacon to exit after a specified failure count. As the failure count increases, sleep is adjusted to a specified value. By default, […]

Create a proxy DLL with artifact kit

DLL attacks (hijacking, proxying, etc.) are a challenge defenders must face. They can be leveraged in a red team engagement to help measure these defenses. Have you used this technique? In this post, I’ll walk through an example of adding a DLL proxy to beacon.dll for use in a DLL Proxy attack. What is a […]

The post Create a proxy DLL with artifact kit appeared first on Cobalt Strike Research and Development.

Cobalt Strike Sleep Python Bridge

This project started after seeing how the user community tweaks and tunes Cobalt Strike. I was inspired by @BinaryFaultline and @Mcgigglez16 in their project https://github.com/emcghee/PayloadAutomation and blog post http://blog.redxorblue.com/2021/06/introducing-striker-and-payload.html. They created a clever way to interact with a teamserver without the GUI. Before I get too far, I’ll touch on Aggressor scripting and the Sleep […]

Introducing Cobalt Strike Community Kit

What is Community Kit? Cobalt Strike is a post-exploitation framework designed to be extended and customized by the user community. Several excellent tools and scripts have been written and published, but they can be challenging to locate. Community Kit is a central repository of extensions written by the user community to extend the capabilities of […]
