William Burgess – WindowsTechs.com

Cobalt Strike and Outflank Security Tooling: Friends in Evasive Places

Posted on July 19, 2023 by William Burgess

This is a joint blog written by the Cobalt Strike and Outflank teams. It is also available on the Outflank site. Over the past few months there has been increasing collaboration and knowledge sharing internally between the Cobalt Strike and Outflank R&D teams. We are excited about the innovation opportunities made possible by this teamwork […]

Cobalt Strike and YARA: Can I Have Your Signature?

Posted on May 16, 2023 by William Burgess

Over the past few years, there has been a massive proliferation of YARA signatures for Beacon. We know from conversations with our customers that this has become problematic when using Cobalt Strike for red team engagements and that there has been some confusion over how Cobalt Strike’s malleable C2 options can help. Therefore, this blog […]

Behind the Mask: Spoofing Call Stacks Dynamically with Timers

Posted on February 13, 2023 by William Burgess

This blog introduces a PoC technique for spoofing call stacks using timers. Prior to our implant sleeping, we can queue up timers to overwrite its call stack with a fake one and then restore the original before resuming execution. Hence, in the same way we can mask memory belonging to our implant during sleep, we […]