Self-signed SSL Certificates with SSL Beacon

The HTTPS Beacon uses the HTTP Beacon’s indicators in its communication. Malleable C2 profiles may also specify parameters for the Beacon C2 server’s self-signed SSL certificate. This is useful if you want to replicate an actor with unique indicators in their SSL certificate:

https-certificate {
    set CN   "bobsmalware.com";
    set O    "Bob's Malware";
}

The certificate parameters under your profile’s control are:

| Option | Example | Description |
|---|---|---|
| C | US | Country |
| CN | beacon.cobaltstrike.com | Common Name; your callback domain |
| L | Washington | Locality |
| O | Fortra, LLC | Organization Name |
| OU | Certificate Department | Organizational Unit Name |
| ST | DC | State or Province |
| validity | 365 | Number of days certificate is valid for |
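
For defenders, the same fields work as hunting indicators. The following is an added example, not part of the Cobalt Strike documentation: it reads the https-certificate block of a recovered profile and flags logged certificates that are self-signed (subject equals issuer) and carry every subject field the profile sets. The record layout, field names and sample values are constructed assumptions.

```python
import re
# Options the page lists for the https-certificate block.
CERT_OPTIONS = {"C", "CN", "L", "O", "OU", "ST", "validity"}
# Constructed sample profile text (same values as the page's snippet).
PROFILE = '''
https-certificate {
    set CN   "bobsmalware.com";
    set O    "Bob's Malware";
}
'''

# Constructed certificate-log records; the field names are assumptions.
RECORDS = [
    {"host": "203.0.113.10", "subject": "CN=bobsmalware.com,O=Bob's Malware",
     "issuer": "CN=bobsmalware.com,O=Bob's Malware"},
    {"host": "203.0.113.20", "subject": "CN=bobsmalware.com,O=Bob's Malware",
     "issuer": "CN=Example CA,O=Example Trust"},
    {"host": "203.0.113.30", "subject": "CN=intranet.example,O=Example Corp",
     "issuer": "CN=intranet.example,O=Example Corp"},
]

def parse_https_certificate(profile_text):
    """Return the options set in the first https-certificate block."""
    block = re.search(r"https-certificate\s*\{(.*?)\}", profile_text, re.S)
    if block is None:
        return {}
    pairs = re.findall(r'set\s+(\w+)\s+"((?:[^"\\]|\\.)*)"\s*;', block.group(1))
    return {k: v for k, v in pairs if k in CERT_OPTIONS}

def parse_dn(dn):
    """Split a 'CN=a,O=b' distinguished-name string into a dict."""
    parts = (p.partition("=") for p in re.split(r"(?<!\\),", dn))
    return {k.strip(): v.strip() for k, _, v in parts if k.strip()}

def matches_profile(record, indicators):
    """True for a self-signed cert carrying every subject field of the profile."""
    subject = parse_dn(record["subject"])
    if subject != parse_dn(record["issuer"]):
        return False  # signed by another issuer, so not a self-signed cert
    wanted = {k: v for k, v in indicators.items() if k != "validity"}
    return bool(wanted) and all(subject.get(k) == v for k, v in wanted.items())

def hunt(profile_text, records):
    """Return hosts whose logged certificate matches the profile's indicators."""
    indicators = parse_https_certificate(profile_text)
    return [r["host"] for r in records if matches_profile(r, indicators)]

if __name__ == "__main__":
    print(hunt(PROFILE, RECORDS))
```

The validity option is skipped in the match because it describes the certificate's lifetime rather than a subject field.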

 
