-
#FakeLogonScreen is a C# utility to steal a user's password using a fake Windows logon screen. This password will then be validated and saved to disk. Useful in combination with #CobaltStrike's execute-assembly command. https://github.com/bitsadmin/fakelogonscreen … pic.twitter.com/2pAOk9InLM -
#CobaltStrike Beacon found at https://pastebin.com/raw/dDMqMkC9 SHA256: 5884a9cefa3fa1f841923eefcf4201c0ffacabc275687fa1d2a7786f5cdaf281 C2: http://iexploreservice[.]com/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books, -
#CobaltStrike Beacon found at https://pastebin.com/raw/pQBRGHSZ SHA256: 629a030baf77efbc5946965ccec68b06428e9b721102f4dbd4fa40233c27abf4 C2: http://40[.]114[.]116[.]10/w/index[.]php, -
#CobaltStrike Beacon found at https://pastebin.com/raw/inPtSYFK SHA256: 2cc90d4ca4c8787527a33e6a14eae90670773f2278a9e3bb79d2c1c9d51631f0 C2: http://46[.]28[.]205[.]87/ca, -
New versions of #CobaltStrike Beacon have moved away from the hardcoded default config XOR key. Since a couple examples hit Pastebin last week, I upgraded @ScumBots config parser to handle other key values. https://twitter.com/ScumBots/status/1224442375088435200 … -
I just added some of the #CobaltStrike scripts I use to a new repository. The script you need is the logging.cna script created by @r3dQu1nn. https://github.com/bitsadmin/cobaltstrike … -
#Movekit is an extension built into #CobaltStrike for lateral movement by leveraging the execute_assembly function with the SharpMove and SharpRDP .NET assemblies. Users can execute a command on a remote system through WMI, DCOM, RDP, etc. #CyberSecurity https://github.com/0xthirteen/MoveKit … -
#CobaltStrike Beacon found at https://pastebin.com/raw/0LHQqS7q SHA256: 2ae3ad81274c717f56cf9db2bd7ac9f52c3b583f2ffedb132dfde0c7109dc560 C2: -
PowerShell that reflectively loads #CobaltStrike Beacon DLL https://pastebin.com/0LHQqS7q Final payload: https://www.virustotal.com/gui/file-analysis/MTZmNTQyZjQ0YWY2MTJkNDAxZTU3NDY5OTJkYWNkYmM6MTU4MDU3MDU2Nw==/detection … -
Adversary simulation toolkits? The joke's on us. #Cobaltstrike #cybersecurity #cyberattacks pic.twitter.com/h1ugWVPydO
-
#CobaltStrike Move faster, Stay longer with MoveKit and StayKit https://nzzl.us/z55Agyw -
What's more exciting than the beginning of 2020? #CobaltStrike 4.0 variants! Here's a walkthrough of some of the useful changes that come with the 4.0 release. #CyberSecurity #infosec https://fortynorthsecurity.com/blog/cobalt-strike-variants/ … -
Finally got around to migrating my AES Powershell payload created for #CobaltStrike to a standalone script. https://github.com/offsecginger/AES-PowerShellCode … Just needs position independent shellcode (Windows). Should probably also obfuscate your shellcode prior. #InfoSec #OST -
2019-12-16:

#Shellcode #Payload Loader -> #CobaltStrike XOR Blob 0xAA|
Dbg vcruntime140d & ucrtbased -> FUD
C:\Users\ahrmo\Desktop\cobaltstrike 3.14\payload\AvByPass\x64\Debug\AvByPass.pdb
C2:47.107.136. 247
MD5: 42bd9b67a5576b5332f97a3c2bd48399
h/t @malwrhunterteam pic.twitter.com/MwFD5lKmcV
-
cobaltstrike - beacon.dll "Your No Ordinary MZ (DOS) Header"
#sample #malware #cobaltstrike blog post: https://tccontre.blogspot.com/2019/11/cobaltstrike-beacondll-your-not.html … links: https://app.any.run/tasks/dc833ad4-508a-42eb-9bc2-cef42a558e89/ … https://www.virustotal.com/gui/file/3462e89f38d399d93e2dbe2cf415f8dabbd93c45bd8b9725274116c9b309be88/detection … pic.twitter.com/VWCnHEbFAF
-
2019-10-09 - More Docusign-themed #malspam pushing #Hancitor again today (I missed yesterday's wave) - Took me a while to get the zip archive from links in the emails, but I eventually got it. Infection traffic contains indicators for #Pony, #EvilPony, #Ursnif, and #CobaltStrike pic.twitter.com/Tpa26JMl70
-
Here's a Cobaltstrike beacon being popped on a VPN client that connected to pulse secure. Will share more information later on in the week or next week with @Alyssa_Herrera_ @bad_packets Is that scary or what? #CodeExec #CobaltStrike #RedTeam #PulseSecure pic.twitter.com/8PpXRAwsXx -
Learn about our Aggressor MSBuild scripts for CobaltStrike, how to use them, and direct links to all resources. Just a small taste of what will be covered in our free webinar and BHUSA training #msbuild #cobaltstrike #cybersecurity https://www.fortynorthsecurity.com/aggressive-msbuild-bypass-detection/ … -
Redteam folks: looking for any resources on cobalt strike scripting, beyond the basics Mudge has on the website. Talks, tutorials, whitepapers, examples all welcome. #redteam #cobaltstrike -
Happy to share that the Sliver framework is live at our #GitHub right now - if you were intrigued by this #cobaltstrike alternative, check it out: https://hubs.ly/H0jlgDx0