Cobalt Strike

August 2021

Version: 4.4

Aug 4, 2021

New Features
  • Add support for User Defined reflective loaders.

    https://www.cobaltstrike.com/help-user-defined-reflective-loader

  • Add support for User Defined sleep masking.

    https://www.cobaltstrike.com/help-sleep-mask-kit

  • Product licensing and Security enhancements.

  • Avoid localhost Sysmon event 22 for Beacon meta-data resolution.

  • Validate beacons with sleep_mask set have enough code cave space.

  • Add client reconnection option.

  • Add buffering when sending data via NanoHTTPD.

  • Add new dialog to the UI to view the Malleable C2 profile.

  • Add an "allow" option to useragents filter; complements the block added in 4.3.

  • Add alias field for server to login dialog+ Add alias to connection dialog.

  • Add alias on connection tabs on main Cobalt Strike screen.

  • Add spear phishing email template parsing validation to Send client action.

  • Add better C2 linting for code signing configuration.

Enhancements
  • Update Mimikatz (2.2.0 20210724).

  • Update Cobalt Strike updater with cert/subdomain info.

  • Update beacon help for link command.

  • Update c2lint to return a result code.

  • Enhance c2lint and UI handling of coding signing functionality.

  • Enhance failover host rotation strategy(http/s 200 response with invalid data is a failure).

  • UI: enhancement request for Connect dialog to remember last connected teamserver.

Other Fixes
  • Checksum failure when building beacon using compiled Artifact kit.

  • Vulnerability report: Team server crashes when bombarded with too large screenshots. (added TeamServer.prop config).

  • Fix error in arsenal build scripts (add bin/bash directive).

  • Fix various places in the UI where required table row selection was not edited.

  • Fix beacon error when a host entry of a listener contains a space at the end (trim host entry strings).

  • Clicking into the screenshots/keystrokes tabs doesn't immediately focus the list.

  • Fix host rotation 'strategy' option documentation missing from 'listener_create_ext' aggressor function.

March 2021

Version: 4.3

Mar 2, 2021

Enhancements
  • Added support for dns-beacon Malleable C2 group. Added options for DNS Host Indicators: beacon, get_A, get_AAAA, get_TXT, put_metadata, put_output including Malleable C2 Lint changes to support dns-beacon group.

  • Allow DNS Beacons to egress directly through a specified DNS Resolver, rather than using the default resolver from the target server.

  • Host Rotation Strategy for customizing host selection for DNS/HTTP/HTTPS beacons.

  • Allow HTTP/HTTPS configuration of blocked useragent (previously curl/lynx/wget). Added .http-config.block_useragents to Malleable C2.

  • Add support for responding to NS request from specific DNS resolvers including the additional .dns-beacon.ns_response Malleable C2 option.

  • Add timestamp to beacon console messages. The timestamp option can be enabled/disabled in Preferences (Console tab). The timestamp format can be modified with aggressor script. See BEACON_CONSOLE_TIMESTAMP and SSH_CONSOLE_TIMESTAMP in default.cna.

  • Add a PowerShell IEX option in Scripted Web Delivery

Other Fixes
  • Fixed sleep command after exit causing beacons not to exit.
  • Malleable C2 lint was incorrectly showing jitter data in staging preview.
  • Fixed invalid help link (attacks->packages->Windows Executable)
  • Setting sleep to 0 in Malleable C2 caused beacons to fail. Add C2 Lint range for sleep values.
  • Fix data_jitter issue not using any jitter when it was longer than limit (921600). Added minimum data_jitter (10) and performance warning for over 10000. Show data_jitter marker in C2 Lint preview data rather than actual jitter data.

 

Back to Cobalt Strike Products