Rapid7’s Managed Threat Complete with unlimited incident response and vulnerability management. Contain costs and eliminate threats. Get Started Now.

Contribute to Doneone/happy_cs development by creating an account on GitHub.

Understanding common attack vectors and how threat actors move in your environment post-compromise is critical to identifying what kind of…

I have been looking at several samples of Cobalt Strike beacons used in malware attacks. Although work is still ongoing, I already want to share my findings. Cobalt Strike beacons communicating ove…

This blog post will cover the Cobalt Strike DLL stager's anatomy, design choices and highlight ways to reduce both log footprint and time-to-shellcode.

Aggrokatz is an aggressor plugin extension for Cobalt Strike which enables pypykatz to interface with the beacons remotely and allows it to parse LSASS dump files and registry hive files to extract...

Detect and respond to Cobalt Strike beacons using ETW. - 3lp4tr0n/BeaconHunter

By: Jason Reaves and Joshua Platt

A few days ago, someone uploaded an interesting OLE file to VirusTotal. It abuses the Kaspersky brand, and it is written in Russian and English language. Unfortunately, the original document uses a coercive lure, and the macros contain logic to download w

Context

Cobalt Strike C2 Reverse proxy that fends off Blue Teams, AVs, EDRs, scanners through packet inspection and malleable profile correlation - mgeeky/RedWarden

Some Statistics on Cobalt Strike Configs in April and May 2021

Recently I've been looking at the .NET CLR internals and wanted to understand what further techniques may be available for executing unmanaged code from the managed runtime. This post contains a snipped of some of the weird techniques that I found.

Contribute to Cerbersec/DomainBorrowingC2 development by creating an account on GitHub.

Cobalt Strike is a popular tool with cybersecurity professionals. Unfortunately, it’s also utilized by threat actors.

Estimated Reading Time: 8 minutes In the past few weeks, I was working on a new project that could help me to solve an issue during a case I was facing, I needed a tool to help me pulling off my payload through DNS without being noisy or suspicious with the…

Agressor script that lists available Cobalt Strike beacon commands and colors them based on their type - outflanknl/HelpColor

.NET Project for Attacking vCenter. Contribute to JamesCooteUK/SharpSphere development by creating an account on GitHub.