AWS Lambda Redirector

In this post we will be looking at AWS Lambda, how we can deploy code using the Serverless framework, and how we can use this technology as a redirector for Cobalt Strike... Read More »

Protecting Your Malware with blockdlls and ACG

In Cobalt Strike, blockdlls was introduced to allow protection of spawned processes from non-Microsoft signed DLL's. In this post I will show just how this works, and look at an additional process security option which could help us to deter endpoint security products.... Read More »

How to Argue like Cobalt Strike

In Cobalt Strike 3.13, the argue command was introduced as a way of taking advantage of argument spoofing. I was first made aware of the concept while watching Will Burgess's awesome talk RedTeaming in the EDR Age [https://www.youtube.com/watch?v=l8nkXCOYQC4], with Will crediting Casey Smith who presented the idea during a series of tweets. As with anything introduced to Cobalt Strike which has the chance to improve operational security, I wanted to dig into the concept further to see just how ... Read More »