Cobalt Strike 4.4: The One with the Reconnect Button

Cobalt Strike 4.4 is now available. This release puts more control into your hands, improves Cobalt Strike's evasive qualities and addresses a number of smaller changes requested by our users… and yes! We've added a reconnect button!

User Defined Reflective DLL Loader

Cobalt Strike has a lot of flexibility in its Reflective Loading foundation but […]

The post Cobalt Strike 4.4: The One with the Reconnect Button appeared first on Cobalt Strike Research and Development.

Cobalt Strike DoS Vulnerability (CVE-2021-36798)

SentinelOne discovered a denial of service (DoS) vulnerability in Cobalt Strike. The bug (aka Hotcobalt) can cause a denial of service on a teamserver by using a fake beacon that sends abnormally large screenshots. This bug has been fixed in Cobalt Strike 4.4. Consider mitigating this risk to a teamserver by hardening your C2 infrastructure. Update […]

The post Cobalt Strike DoS Vulnerability (CVE-2021-36798) appeared first on Cobalt Strike Research and Development.

Criminals are using call centers to spread ransomware in a crafty scheme

An ongoing ransomware campaign that employs phony call centers to trick victims into downloading malware may be more dangerous than previously thought, Microsoft researchers say. Because the malware isn't in a link or document within the email itself, the scam helps attackers bypass some phishing and malware-detection services, Microsoft researchers noted in a report Thursday. When the company first examined it in May, the scheme featured attackers posing as subscription service providers who lure victims onto the phone to cancel a non-existent subscription. Once there, the call center worker guides them to download malware onto their computer. Researchers now say that the malware not only gives hackers a one-time backdoor into the device, as previously thought, but also lets them remotely control the affected system. That means it's even easier for them to sweep for files and find high-end user credentials that could be used to drop ransomware such as Ryuk or […]

The post Criminals are using call centers to spread ransomware in a crafty scheme appeared first on CyberScoop.

Introducing Mimikatz Kit

You can now update Mimikatz between Cobalt Strike releases. Updates will periodically be made available to licensed users via the Arsenal as the Mimikatz Kit.

Usage:

1. Download and extract the .tgz from the Arsenal. (Note: the version uses the Mimikatz release version naming, i.e., 2.2.0.20210724.)
2. Load the mimikatz.cna aggressor script.
3. Use mimikatz functions as normal […]

The post Introducing Mimikatz Kit appeared first on Cobalt Strike Research and Development.

CredBandit (In memory BOF MiniDump) – Tool review – Part 1

One of the things I find fascinating about being on the Cobalt Strike team is the community. It is amazing to see how people overcome unique challenges and push the tool in directions never considered. I want to explore this with CredBandit (https://github.com/xforcered/CredBandit). This tool has had updates since I started exploring. I'm specifically looking at […]

The post CredBandit (In memory BOF MiniDump) – Tool review – Part 1 appeared first on Cobalt Strike Research and Development.

Email claiming Kaseya patch drops Cobalt Strike malware

By Sudais Asif
The malicious email campaign claims to contain a patch for the Kaseya vulnerability, but in fact it delivers the infamous Cobalt Strike malware.
This is a post from HackRead.com.

Suspected Chinese hackers target telecom research in Taiwan, Recorded Future says

A suspected Chinese state-sponsored group is targeting telecommunications organizations in Taiwan, Nepal and the Philippines, researchers at Recorded Future’s Insikt Group said in a report Thursday. Researchers noticed intrusions from the group, which investigators called TAG-22, in June targeting telecommunications organizations including the Industrial Technology Research Institute in Taiwan, Nepal Telecom and the Department of Information and Communications Technology in the Philippines. Some of the activity appears to be ongoing as of press time, researchers said. The new findings play into a larger backdrop of apparent Chinese hackers snooping on global competition in the telecommunications space, which has become an arena of political and economic conflict between China and the United States. “In particular, the targeting of the ITRI is notable due to its role as a technology research and development institution that has set up and incubated multiple Taiwanese technology firms,” researchers wrote. They noted that the organization is […]

The post Suspected Chinese hackers target telecom research in Taiwan, Recorded Future says appeared first on CyberScoop.

New home for Cobalt Strike malleable c2 profiles and scripts

The Cobalt Strike references (malleable c2 profiles, scripts, Elevate Kit, etc.) have been consolidated under a new GitHub account: https://github.com/cobalt-strike. We understand that many blog posts (and even our documentation) have references to the original links. The original links will be available for the time being but may not be in the future. Update your […]

The post New home for Cobalt Strike malleable c2 profiles and scripts appeared first on Cobalt Strike Research and Development.