Blog Library

This section is a collection of blog posts presented as an extra source of information on various topics. They have been reproduced as originally published. More posts are available at https://www.cobaltstrike.com/blog

Automation and Infrastructure Deployment

Create Listeners with an Aggressor Script-listener-create-ext

Manage Cobalt with Services

Simple DNS Redirectors for Cobalt Strike

Broken Promises and Malleable C2 Profiles

Get Familiar with Aggressor Script

Everything Logs

Appropriate Covert Channels

Beacon GATE

Beacongate

UDRL

User Defined Reflective Loader Part 1: Simplifying Development

User Defined Reflective Loader Part 2: Obfuscation and Masking

User Defined Reflective Loader Part 3: Beacon User Data

User Defined Reflective Loader Update in Cobalt Strike 4.5

Evasion

Introducing the Mutator Kit: Creating Object File Monstrosities with Sleep Mask and LLVM

Cobalt Strike and YARA: Can I Have Your Signature?

Behind the Mask: Spoofing Call Stacks Dynamically with Timers

Arsenal Kit Update: Thread Stack Spoofing

Sleep Mask Update in Cobalt Strike 4.5

Create a Proxy DLL with Artifact Kit

Pushing Back on Userland Hooks with Cobalt Strike

In-Memory Evasion

BOF Development

Simplifying BOF Development: Debug, Test, and Save Your B(e)acon

Writing Beacon Object Files: Flexible, Stealthy, and Compatible

POST-EX

Process Injection Update in Cobalt Strike 4.5

Introducing Mimikatz Kit

Cobalt Strike’s Process Injection: The Details

Cobalt Strike 3.14 – Post-Ex Omakase Shimasu

PowerShell Shellcode Injection on Win 10 (v1803)

Kits, Profiles, and Scripts… Oh my!

Agentless Post Exploitation

Session Passing from Cobalt Strike

Post-Exploitation Only (Not Really)

How do I psexec without an initial Beacon?

Lateral Movement

Named Pipe Pivoting

Misc

HOWTO: Port Forwards Through a SOCKS Proxy