The Hacker News Logo
Subscribe to Newsletter

Beacon : A new advance payload for Cobalt Strike

Raphael Mudge (Creator of Cobalt Strike) announced Another Advance Payload for Cobalt Strike called "Beacon". In a conversation with The Hacker News Raphael said "A big gap in the penetration tester's toolbox are covert command and control options, especially for long engagements. Beacon is a new feature in Cobalt Strike to remedy this problem."

Cobalt Strikes's graphical user interface offers direct control of the 700+ exploits and advanced features in the open source Metasploit Framework. Beacon is a Cobalt Strike payload for long-term asynchronous command and control of compromised hosts. It works like other Metasploit Framework payloads. You may embed it into an executable, add it to a document, or deliver it with a client-side exploit.

Beacon downloads tasks using HTTP requests. You may configure Beacon to connect to multiple domains. For extra stealth, Beacon may use DNS requests to check if a task is available. This limits the communications between the penetration tester and the target network.

Beacon is a critical tool for penetration testers who must mimic the threats their clients face today.

Beacon’s features include
* Check task availability using HTTP or DNS
* Beacon to multiple domains (who cares if that first one is blocked)
* Capable of automatic migration immediately after staging
* Tight integration with Cobalt Strike. Deliver beacon with social engineering packages, client-side exploits, and session passing
* Intuitive console to manage and task multiple beacons at once

Cobalt Strike treats a Beacon session different from a Meterpreter session. Hosts infected with Beacon will not turn red with lightning bolts indicating access.

The Beacon console allows you to see which tasks were issued to a Beacon and to see when it downloads them. You may issue tasks through the Beacon console as well. Beacon's shell command will send a task to execute a command on the compromised host. When the command completes, Beacon will present the output to you.

Complete Documentation on Beacon usage is available here.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.