Cobalt Strike) announced Another Advance Payload for Cobalt Strike called "Beacon". In a conversation with The Hacker News Raphael said "A big gap in the penetration tester's toolbox are covert command and control options, especially for long engagements. Beacon is a new feature in Cobalt Strike to remedy this problem."
Cobalt Strikes's graphical user interface offers direct control of the 700+ exploits and advanced features in the open source Metasploit Framework. Beacon is a Cobalt Strike payload for long-term asynchronous command and control of compromised hosts. It works like other Metasploit Framework payloads. You may embed it into an executable, add it to a document, or deliver it with a client-side exploit.
Beacon downloads tasks using HTTP requests. You may configure Beacon to connect to multiple domains. For extra stealth, Beacon may use DNS requests to check if a task is available. This limits the communications between the penetration tester and the target network.
Beacon is a critical tool for penetration testers who must mimic the threats their clients face today.
Beacon's features include
* Check task availability using HTTP or DNS
* Beacon to multiple domains (who cares if that first one is blocked)
* Capable of automatic migration immediately after staging
* Tight integration with Cobalt Strike. Deliver beacon with social engineering packages, client-side exploits, and session passing
* Intuitive console to manage and task multiple beacons at once
Cobalt Strike treats a Beacon session different from a Meterpreter session. Hosts infected with Beacon will not turn red with lightning bolts indicating access.
The Beacon console allows you to see which tasks were issued to a Beacon and to see when it downloads them. You may issue tasks through the Beacon console as well. Beacon's shell command will send a task to execute a command on the compromised host. When the command completes, Beacon will present the output to you.