The Hacker News
Raphael Mudge (Creator of Cobalt Strike) announced Another Advance Payload for Cobalt Strike called "Beacon". In a conversation with The Hacker News Raphael said "A big gap in the penetration tester's toolbox are covert command and control options, especially for long engagements. Beacon is a new feature in Cobalt Strike to remedy this problem."

Cobalt Strikes's graphical user interface offers direct control of the 700+ exploits and advanced features in the open source Metasploit Framework. Beacon is a Cobalt Strike payload for long-term asynchronous command and control of compromised hosts. It works like other Metasploit Framework payloads. You may embed it into an executable, add it to a document, or deliver it with a client-side exploit.

Beacon downloads tasks using HTTP requests. You may configure Beacon to connect to multiple domains. For extra stealth, Beacon may use DNS requests to check if a task is available. This limits the communications between the penetration tester and the target network.

Beacon is a critical tool for penetration testers who must mimic the threats their clients face today.

Beacon's features include
* Check task availability using HTTP or DNS
* Beacon to multiple domains (who cares if that first one is blocked)
* Capable of automatic migration immediately after staging
* Tight integration with Cobalt Strike. Deliver beacon with social engineering packages, client-side exploits, and session passing
* Intuitive console to manage and task multiple beacons at once
The Hacker News

Cobalt Strike treats a Beacon session different from a Meterpreter session. Hosts infected with Beacon will not turn red with lightning bolts indicating access.
The Hacker News

The Beacon console allows you to see which tasks were issued to a Beacon and to see when it downloads them. You may issue tasks through the Beacon console as well. Beacon's shell command will send a task to execute a command on the compromised host. When the command completes, Beacon will present the output to you.
The Hacker News

Complete Documentation on Beacon usage is available here.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.