Cobalt Strike Attack Simulation with AV Enabled
Рет қаралды 30,042
Күн бұрын
@docmalitt 3 жыл бұрын
hey man, wow. just wow. really amazing quality content. u gotta stop paying attention on stupid comments (mine too) and keep up the amazing work. lot of good infosec content lately going around yet you are quite special. thx for your trouble and please keep 'em coming - and we'll keep enjoying/watching and trying to do our best reproducing the scenarios...
@ByteMasterPro 3 жыл бұрын
Can you do a tutorial on how you created the shortcut/PDF?
@codyenders3016 3 жыл бұрын
This was perfect thank you!
@rafster15able 3 жыл бұрын
I want to thank you, your content is incredible ... keep it up, I've been using cobalt for a few months, and your workflow is what I need p / d: forget the children what they comment in a negative way.
@DR1Z3R 3 жыл бұрын
03:09 how are you using the fodhelper bypass in a fully patched win10? 🤔
@4SkidsTV 3 жыл бұрын
The bypass itself is still unpatched; it's just now being detected by defender. If you run the powershell version of the bypass line-by-line, you'll notice that defender blocks execution whenever strings like "cmd /c" or "powershell" are used when setting the target registry value. Calling your exe directly, or using other means of execution like rundll32 can bypass this detection mechanism. Finally, defender will also detect the bypass behaviorally as it executes, so anything that pauses the execution of the script before the call to fodhelper will work to bypass that. Thanks for your question, hope this helps!
@zin4204 2 жыл бұрын
why do you embed in pdf what do you use?
@andretarvok7122 3 жыл бұрын
How did you get a copy of cobalt strike? I tried to purchase it and was denied.
@res59pe 2 жыл бұрын
You can download the full version as crack from a trusted forums.But be careful.
@cat3584 2 жыл бұрын
@@res59pe what forums do you use?
@deathfromthekrypt 3 жыл бұрын
How did you end up generating the beacon? Simply through CS or a custom aggressor script?
@4SkidsTV 3 жыл бұрын
It was done with the aggressor script from Cobalt Strike's Artifact kit after integrating it with SysWhispers. Raphael Mudge, the creator of Cobalt Strike, has an excellent video covering that process here: kzbin.info/www/bejne/o4vcfqZohbVmbtk
@saglamyalanci587 2 жыл бұрын
It is Cobalt strike need port?
@Alex492r 3 жыл бұрын
how did u generate the shortcut file ?, ur already showing us what these repos added to their readme , plz reply soon :P
@sul3y 3 жыл бұрын
He doesn't want you to know pal XD:)
@sul3y 3 жыл бұрын
@@4SkidsTV we just wondering how you embed the beacon shellcode with pdf shortcut not how to make shortcut .
@4SkidsTV 3 жыл бұрын
@@sul3y There is no shellcode embedded in the shortcut. Not sure how that would even be possible or why you assumed that. It's just a shortcut that downloads and executes a cobalt strike beacon, and then replaces the original file. It works the same way as any other shortcut. So, if you can make a normal shortcut, you should be able to make this in the exact same way. As I said, this was a demo, not an opportunity for people to complain about how I didn't walk them through each step. You could have easily googled "making malicious lnk files" and clicked any of the first results to find your answer. Not trying to be harsh, I think it's just kind of ridiculous when people comment things like "there's nothing useful in this video" and act like I'm hiding how a shortcut file works.
@umejeichuks2253 2 жыл бұрын
@@4SkidsTV can you explain that particular trick better. It's really fascinating
@dashdashdash_ Жыл бұрын
@@umejeichuks2253 Its literally what he said...I feel sorry for the guy making this video for people interested in purchasing cobalt strike having his comment section flooded with skids.
@v380riMz 3 жыл бұрын
Do APT groups use Cobalt Strike?
@maingoc1590 3 жыл бұрын
Yes, some groups
@abelimathiasi7509 2 жыл бұрын
Hello thanks for your beautfull tutorials please can you show us how you made that executable looks like a pdf thanks in advance
@n0_0ne. Жыл бұрын
Thanks for your videos . Can you plz share the persistence bof ? Or maybe tell about another ways to get it (maybe automatically via some bof kit ). Even with artifact kit and Boku loader , or elesivemice can't found auto persistence
@ahmadmansour1171 3 жыл бұрын
how u did thr adobe shortcut pls pls pla
@dirtycow2794 3 жыл бұрын
shut up kid !!
@laventesanderson3691 2 жыл бұрын
How do i get Cobalt Strike?
@dashdashdash_ Жыл бұрын
Get the crack from a trusted source or man up, get a job, get some creds and then buy a license
@conan5890 Жыл бұрын
So the reason it get access to the pc it because the pc is member of workgroup. So with just 2 commands can enable the administrator account of a pc and get access and then software can take place. What about if a pc is on a domain ? :)
@Cacadordedinheiro1 3 жыл бұрын
you make own malware and next connect to cobalt?
@greyhat9969 2 жыл бұрын
How to make external connection ?
@ERRORNOTFOUND-sb7le 3 жыл бұрын
Download link please
@Crazy--Clown 3 жыл бұрын
Download link
@sul3y 3 жыл бұрын
There's nothin' useful in this video..
@dirtycow2794 3 жыл бұрын
everything is useful in this video, u're just a scriptkiddie who even dont' understand basics :)
@ofureedo6516 2 жыл бұрын
How can i reach you please re u on twitter or telegra
@franciscoespinosa8048 3 жыл бұрын
Hello sir, I was wondering if you could please teach me this and help me out with a project that I have a big budget for. I tried to find your email or another way to contact you directly but was unable to find the email address or other contact info. Please let me know how I may contact you directly. Thank you very much.
@somexne 3 жыл бұрын
Say the project, there are many disposable and professional people here. As me.
@saglamyalanci587 2 жыл бұрын
Write your mail.Im professional pentester.I can work for you
Cyber Attack & Defense
Рет қаралды 3,2 М.
SANS Digital Forensics and Incident Response
Рет қаралды 32 М.
Military Cyber Professionals Association
Рет қаралды 1,2 М.
Exploit Blizzard
Рет қаралды 2,5 М.