Executive Summary
Versions 4.2 and 4.3 of Cobalt Strike’s server contain multiple Denial of Service vulnerabilities (CVE-2021-36798).
The vulnerabilities can render existing Beacons unable to communicate with their C2 server, prevent new beacons from being installed, and have the potential to interfere with ongoing operations.
We have released a new Python library to help generically parse Beacon communication in order to help the research security community.
Introduction
Cobalt Strike is o…