
Tools Cobalt Strike 4.9: Take Me To Your Loader [CRACKED]

dEEpEst



Cobalt Strike 4.9 is now available. This release sees an overhaul to Cobalt Strike’s post exploitation capabilities to support user defined reflective loaders (UDRLs), the ability to export Beacon without a reflective loader which adds official support for prepend-style UDRLs, support for callbacks in a number of built-in functions, a new in-Beacon data store and more.

We intend to publish a few follow-up blog posts over the next couple of weeks to provide more detail on some of the changes in this release, so please keep your eye on the blog for those updates. If you haven’t subscribed to the [link hidden] for blog updates, it is worth considering doing that as well so that you don’t miss anything!

Post-Exploitation Overhaul

Cobalt Strike’s post-exploitation capabilities have been given an overhaul, with support for prepend-style User Defined Reflective Loaders being added to the following post-exploitation DLLs:

  • browserpivot
  • hashdump
  • invokeassembly
  • keylogger
  • mimikatz
  • netview
  • portscan
  • powershell
  • screenshot
  • sshagent

A new Aggressor Script hook, POSTEX_RDLL_GENERATE, has been added in order to implement this change and replace the default reflective loader with a UDRL. Full details on this new hook and how it is used can be found in the documentation.

It is important to note that UDRLs for Beacon payloads and post-exploitation payloads are very similar but have some subtle differences. Information on those differences, which relate to the loader entry function, the DLL’s entry point, the RDATA_SECTION pointer argument and the obfuscation start offset, can be found in the documentation and should be carefully reviewed prior to making your own changes in this area.

You can find an example implementation of a post-exploitation loader in the [link hidden] in the Cobalt Strike Arsenal Kit.

A new [link hidden] option, post-ex.cleanup, has been added to specify whether or not to clean up the post-exploitation reflective loader memory when the DLL is loaded. We have also added the post-ex.transform-x64 and post-ex.transform-x86 blocks to the post-ex Malleable C2 block. Both new blocks support the strrep option, which replaces a string in all post-exploitation DLLs, and strrepex, which replaces a string within a specific post-exploitation DLL. Valid DLL names are BrowserPivot, ExecuteAssembly, Hashdump, Keylogger, Mimikatz, NetView, PortScanner, PowerPick, Screenshot, and SSHAgent.

DOWNLOAD

 
Hi dEEpEst,

First of all, thanks for all your sharing. I want to let you know I have CS491; can I post this new version cracked?

Thanks a lot

Cheetah

h_h
 
Cheetah of course