Out of Band Update: Cobalt Strike 4.10.1
Cobalt Strike Blog
by Pieter Ceelen
3d ago
Cobalt Strike 4.10.1 is now available. This is an out of band update to fix issues that were discovered in Cobalt Strike 4.10 that we felt should be fixed before the next release. This update does not affect the 4.11 release which is well underway and due to ship in early 2025. Multiple Team Server [...]
Cobalt Strike Staffing Changes and the Road Ahead
Cobalt Strike Blog
by Pieter Ceelen
3w ago
TLDR: Cobalt Strike Staffing Changes Recently there have been some internal changes within the Cobalt Strike team. Greg Darwin has switched to a new position within Fortra. Greg has been the face of Cobalt Strike within the community for a number of years and we thank Greg for all his work and effort he put [...]
Revisiting the UDRL Part 3: Beacon User Data
Cobalt Strike Blog
by Robert Bearsby
3M ago
The UDRL and the Sleepmask are key components of Cobalt Strike’s evasion strategy, yet historically they have not worked well together. For example, prior to CS 4.10, Beacon statically calculated its location in memory using a combination of its base address and its section table. This calculation was then modified depending on the contents of [...]
Cobalt Strike 4.10: Through the BeaconGate
Cobalt Strike Blog
by William Burgess
5M ago
Cobalt Strike 4.10 is now available. This release introduces BeaconGate, the Postex Kit, and Sleepmask-VS. In addition, we have overhauled the Sleepmask API, refreshed the Jobs UI, added new BOF APIs, added support for hot swapping C2 hosts, and more. This has been a longer release cycle than in previous releases to allow us to make underlying architectural changes to support our longer-term ambitions. Note: Cobalt Strike 4.10 introduces breaking changes to the update application. Licensed users will need to download version 4.10 from scratch. The existing 4.9 update application cannot be used ...
Europol Coordinates Global Action Against Criminal Abuse of Cobalt Strike
Cobalt Strike Blog
by
5M ago
Press Release: View Original Europol Announcement 03 Jul 2024 – Law enforcement has teamed up with the private sector to fight against the abuse of a legitimate security tool by criminals who were using it to infiltrate victims’ IT systems. Older, unlicensed versions of the Cobalt Strike red teaming tool were targeted during a week of action coordinated from Europol’s headquarters between 24 and 28 June. Throughout the week, law enforcement flagged known IP addresses associated with criminal activity, along with a range of domain names used by criminal groups, for online service provide ...
Introducing the Mutator Kit: Creating Object File Monstrosities with Sleep Mask and LLVM
Cobalt Strike Blog
by William Burgess
11M ago
In our ‘Cobalt Strike and YARA: Can I Have Your Signature?’ blog post, we highlighted that the sleep mask is a common target for in-memory YARA signatures. In that post we recommended using the evasive sleep mask option to scramble the sleep mask at run time and break any static signatures. However, this solves the problem at the cost of introducing further forensic artefacts onto a host and increasing our footprint. A much simpler solution is to mutate the sleep mask each time we compile it to make static signatures redundant. This blog introduces the mutator kit, which uses an LLVM obfuscato ...
Out of Band Update: Cobalt Strike 4.9.1
Cobalt Strike Blog
by Greg Darwin
1y ago
Cobalt Strike 4.9.1 is now available. This is an out of band update to fix an issue that was discovered in the 4.9 release that we felt would negatively impact customers as they start to roll out the release and for which there is no straightforward workaround. We also took the opportunity to address a couple of other issues that were slated to be addressed in the 4.10 release. This update does not affect the 4.10 release which is underway and due to ship in early 2024. Post-Ex Loader Obfuscate and Cleanup Settings We have fixed an issue whereby the default post-ex reflective loade ...
Cobalt Strike 4.9: Take Me To Your Loader
Cobalt Strike Blog
by Greg Darwin
1y ago
Cobalt Strike 4.9 is now available. This release sees an overhaul to Cobalt Strike’s post exploitation capabilities to support user defined reflective loaders (UDRLs), the ability to export Beacon without a reflective loader which adds official support for prepend-style UDRLs, support for callbacks in a number of built-in functions, a new in-Beacon data store and more. We intend to publish a few follow-up blog posts over the next couple of weeks to provide more detail on some of the changes in this release, so please keep your eye on the blog for those updates. If you haven’t subsc ...
Revisiting the User-Defined Reflective Loader Part 2: Obfuscation and Masking
Cobalt Strike Blog
by Robert Bearsby
1y ago
This is the second installment in a series revisiting the User-Defined Reflective Loader (UDRL). In part one, we aimed to simplify the development and debugging of custom loaders and introduced the User-Defined Reflective Loader Visual Studio (UDRL-VS) template. In this installment, we’ll build upon the original UDRL-VS loader and explore how to apply our own custom obfuscation and masking to Beacons with UDRLs. The primary intention of this post is to demonstrate the huge amount of flexibility that is available to UDRL developers in Cobalt Strike and provide code examples for users to apply t ...
Simplifying BOF Development: Debug, Test, and Save Your B(e)acon 
Cobalt Strike Blog
by Henri Nurmi
1y ago
Beacon Object Files (BOFs) were introduced in Cobalt Strike 4.1 in 2020. Since their release, BOFs have played a key role in post-exploitation activities, surpassing Reflective DLLs, .NET assemblies, and PowerShell scripts. However, in our experience, many developers struggle with four primary pain points: the limitations of writing BOFs in C; Dynamic Function Resolution (DFR); difficulties with debugging BOFs; and unit testing. In this blog post, we will tackle these difficulties by introducing a Visual Studio BOF template written in C++, which addresses the issues identified above. We aim to help ...