Malleable PE, Process Injection, and Post Exploitation

Overview

Malleable C2 profiles are more than communication indicators. Malleable C2 profiles also control Beacon’s in-memory characteristics, determine how Beacon does process injection, and influence Cobalt Strike’s post-exploitation jobs too. The following sections document these extensions to the Malleable C2 language.

PE and Memory Indicators

Process Injection

Controlling Post Exploitation

User Defined Reflective DLL Loader

 

Related Topics