SSL certificate verification for failed

TL;DR a certificate for part of the Cobalt Strike update infrastructure changed. Download the 20200511 distribution package to avoid certificate verification errors. If you recently ran the Cobalt Strike update program (version 20191204), you may see a nice message about the failed SSL certificate verification for verify.cobaltstrike.com: verify.cobaltstrike.com hosts a text file with SHA256 hashes […]

Cobalt Strike 4.0 – Bring Your Own Weaponization

Cobalt Strike 4.0 is now available. This release improves Cobalt Strike’s distributed operations model, revises post-exploitation workflows to drop some historical baggage, and adds “Bring Your Own Weaponization” workflows for privilege escalation and lateral movement. A Vision for Red Team Server Consolidation Cobalt Strike’s model for distributed operations (2013!) is to stand up a new […]

New Group of Hackers Targeting Businesses with Financially Motivated Cyber Attacks

Security researchers have tracked down activities of a new group of financially-motivated hackers that are targeting several businesses and organizations in Germany, Italy, and the United States in an attempt to infect them with backdoor, banking Troja…

Threat Actor Impersonates USPS to Deliver Backdoor Malware

The campaign is consistent with emerging tactics from bad actors to use increasingly sophisticated social engineering and spoofing to deliver malware.

Cobalt Strike’s Process Injection: The Details

Cobalt Strike 3.14 finally delivered some of the process injection flexibility I’ve long wanted to see in the product. In this post, I’d like to write about my thoughts on process injection, and share a few details on how Cobalt Strike’s implementation(s) work. Along the way, I will share details about which methods you might […]

Cobalt Strike 3.14 – Post-Ex Omakase Shimasu

Cobalt Strike 3.14 is now available. This release benefits the OPSEC of Beacon’s post-exploitation jobs. To take a screenshot, log keystrokes, dump credentials, or scan for targets: Beacon often spawns a temporary process, injects the capability into it, and receives results over a pipe. While Cobalt Strike has a lot of flexibility around launching temporary […]

Adobe Patches Actively Exploited ColdFusion Zero-Day Flaw

Adobe Systems released an emergency update for the ColdFusion application server to fix a critical remote code execution that’s already being exploited by attackers. The vulnerability, tracked as CVE-2019-7816, is located in the upload functiona…

Cobalt Strike Team Server Population Study

From February 4, 2019 to February 15, 2019 Strategic Cyber LLC connected to several live Cobalt Strike team servers to download Beacon payloads, analyze them, and study the information within these payloads. We conducted the survey from a system that exists separate from this company’s logs and records. The survey results were available on the […]

Hackers abusing Google App Engine to spread PDF malware

By Waqas
The Cobalt Strike advanced persistent threat (APT) group is using Google App Engine to spread PDF malware against financial firms. The IT security researchers at Netskope have discovered a sophisticated malware campaign in which cybercriminals…