Cobalt Strike) announced another advanced payload for Cobalt Strike called "Beacon". In a conversation with The Hacker News, Raphael said, "A big gap in the penetration tester's toolbox are covert command and control options, especially for long engagements. Beacon is a new feature in Cobalt Strike to remedy this problem."
Cobalt Strike's graphical user interface offers direct control of the 700+ exploits and advanced features in the open source Metasploit Framework. Beacon is a Cobalt Strike payload for long-term asynchronous command and control of compromised hosts. It works like other Metasploit Framework payloads. You may embed it into an executable, add it to a document, or deliver it with a client-side exploit.
Beacon downloads tasks using HTTP requests. You may configure Beacon to connect to multiple domains. For extra stealth, Beacon may use DNS requests to check if a task is available. This limits the communications between the penetration tester and the target network.
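For defenders, repeated task checks of this kind can show up in DNS or proxy logs as lookups of one name at regular intervals. The following is an added example, not code from the article or from Cobalt Strike; it assumes a simple "epoch client name" log format, constructed sample data, evenly spaced check-ins, and illustrative thresholds.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample DNS query log: "epoch_seconds client_ip queried_name"
SAMPLE_LOG = """\
1000 10.0.0.5 updates.example.test
1003 10.0.0.7 www.example.org
1060 10.0.0.5 updates.example.test
1120 10.0.0.5 updates.example.test
1180 10.0.0.5 updates.example.test
1240 10.0.0.5 updates.example.test
1300 10.0.0.5 updates.example.test
1900 10.0.0.7 www.example.org
"""

def parse(log_text):
    """Yield (timestamp, client, name) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            yield float(parts[0]), parts[1], parts[2].lower().rstrip(".")
        except ValueError:
            continue

def find_periodic(log_text, min_events=5, max_cv=0.1):
    """Return [(client, name, mean_gap, cv)]; cv = stdev/mean of lookup gaps."""
    seen = defaultdict(list)
    for ts, client, name in parse(log_text):
        seen[(client, name)].append(ts)
    hits = []
    for (client, name), times in seen.items():
        if len(times) < min_events:
            continue  # too few lookups to judge regularity
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # identical timestamps carry no interval information
        cv = pstdev(gaps) / avg  # near zero means clock-like spacing
        if cv <= max_cv:
            hits.append((client, name, avg, cv))
    return sorted(hits, key=lambda h: h[3])

if __name__ == "__main__":
    for client, name, avg, cv in find_periodic(SAMPLE_LOG):
        print(f"{client} -> {name}: every ~{avg:.0f}s (cv={cv:.2f})")
```

Because the article notes that Beacon may be configured with multiple domains, grouping by client and name alone can miss check-ins spread across several names; treat a hit as a lead for investigation, since legitimate updaters also poll on a schedule.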
Beacon is a critical tool for penetration testers who must mimic the threats their clients face today.
Beacon’s features include:
* Check task availability using HTTP or DNS
* Beacon to multiple domains (who cares if that first one is blocked)
* Capable of automatic migration immediately after staging
* Tight integration with Cobalt Strike. Deliver Beacon with social engineering packages, client-side exploits, and session passing
* Intuitive console to manage and task multiple beacons at once
Cobalt Strike treats a Beacon session differently from a Meterpreter session. Hosts infected with Beacon will not turn red with lightning bolts indicating access.
The Beacon console allows you to see which tasks were issued to a Beacon and to see when it downloads them. You may issue tasks through the Beacon console as well. Beacon's shell command will send a task to execute a command on the compromised host. When the command completes, Beacon will present the output to you.