Cobalt Strike 4.9: Take Me To Your Loader
https://www.cobaltstrike.com/blog/cobalt-strike-49-take-me-to-your-loader
Cobalt Strike 4.9 is live, with post-ex support for UDRLs, the ability to export Beacon without a loader, support for callbacks and more.
Taking a quick look at the new Aggressor callbacks in Cobalt Strike 4.9.
https://rastamouse.me/cobalt-strike-aggressor-callbacks/
BOFRyptor: Encrypting Your Beacon During BOF Execution to Avoid Memory Scanners
https://github.com/securifybv/BOFRyptor
Create Reflective DLL for Cobalt Strike with GOLANG
https://sokarepo.github.io//redteam/2023/10/11/create-reflective-dll-for-cobaltstrike.html
Creating Object File Monstrosities with Sleep Mask and LLVM
The Mutator kit is now part of the Cobalt Strike Arsenal Kit. It allows you to mutate BOFs, sleep masks and more with LLVM.
🔗 https://www.cobaltstrike.com/blog/introducing-the-mutator-kit-creating-object-file-monstrosities-with-sleep-mask-and-llvm
Introducing the Mutator Kit: Creating Object File Monstrosities with Sleep Mask and LLVM
This blog introduces the mutator kit, which uses an LLVM obfuscator to break in-memory YARA scanning of the sleep mask.
Injecting Malicious Code into PDF Files and PDF Dropper Creation
https://cti.monster/blog/2024/07/25/pdfdropper.html
0x6rss
DojoLoader — Generic PE Loader for Prototyping Evasion Techniques
This is a versatile PE loader designed for prototyping evasion techniques. It supports downloading and executing encrypted shellcode, dynamic IAT hooking, and three Sleep obfuscation methods. Ideal for use with UDRL-less Beacon payloads from Cobalt Strike.
Blog Post:
https://www.naksyn.com/cobalt%20strike/2024/07/02/raising-beacons-without-UDRLs-teaching-how-to-sleep.html
Source:
https://github.com/naksyn/DojoLoader
#cobaltstrike #udrl #memory #evasion
Naksyn’s blog
Raising Beacons without UDRLs and Teaching them How to Sleep
UDRLs and prepended loaders aren’t the only way to execute a raw payload and get a direct hooking in place. In the case of Cobalt Strike, a generic PE loader can be tweaked to execute an UDRL-less Beacon and get direct hooking for an easier prototyping of…
BeaconGate, Sleepmask... customizing Cobalt Strike after 4.10
https://rwxstoned.github.io/2024-11-13-Cobalt-Strike-customization/
RWXStoned
A quick new Sleep PoC using the latest Cobalt Strike features.
Process Inject Kit
This is a port of Cobalt Strike's Process Inject Kit from C to the C++ BOF template.
rasta-mouse/process-inject-kit
Port of Cobalt Strike's Process Inject Kit
https://github.com/rasta-mouse/process-inject-kit
Various resources to enhance Cobalt Strike's functionality and its ability to evade antivirus/EDR detection
URL: https://github.com/RedefiningReality/Cobalt-Strike