Beacon : A new advance payload for Cobalt Strike

Raphael Mudge (Creator of Cobalt Strike) announced Another Advance Payload for Cobalt Strike called "Beacon". In a conversation with M14 Network Inc. Raphael said "A big gap in the penetration tester's toolbox are covert command and control options, especially for long engagements. Beacon is a new feature in Cobalt Strike to remedy this problem."

Cobalt Strikes's graphical user interface offers direct control of the 700+ exploits and advanced features in the open source Metasploit Framework. Beacon is a Cobalt Strike payload for long-term asynchronous command and control of compromised hosts. It works like other Metasploit Framework payloads. You may embed it into an executable, add it to a document, or deliver it with a client-side exploit.

Beacon downloads tasks using HTTP requests. You may configure Beacon to connect to multiple domains. For extra stealth, Beacon may use DNS requests to check if a task is available. This limits the communications between the penetration tester and the target network.

Beacon is a critical tool for penetration testers who must mimic the threats their clients face today.

Beacon’s features include
* Check task availability using HTTP or DNS
* Beacon to multiple domains (who cares if that first one is blocked)
* Capable of automatic migration immediately after staging
* Tight integration with Cobalt Strike. Deliver beacon with social engineering packages, client-side exploits, and session passing
* Intuitive console to manage and task multiple beacons at once

Cobalt Strike treats a Beacon session different from a Meterpreter session. Hosts infected with Beacon will not turn red with lightning bolts indicating access.

The Beacon console allows you to see which tasks were issued to a Beacon and to see when it downloads them. You may issue tasks through the Beacon console as well. Beacon's shell command will send a task to execute a command on the compromised host. When the command completes, Beacon will present the output to you.

Complete Documentation on Beacon usage is available here.

Post a Comment

M14 Network Inc. | Hassnain Arts