Monday, June 27, 2022

Sleeping with a Mask On (Cobalt Strike)

You’ve met with a terrible fate, haven’t you?

In Cobalt Strike 4.4, Sleep Mask Kit was released to help operators customize the encryption algorithm used to obfuscate the data and strings within beacon’s memory. By default it uses a 13-byte XOR key, however this key size easily changed by modifying a single variable and rebuilding the Sleep Mask Kit. If you want to get even more creative, you can change the algorithm entirely.

I haven’t seen much information on this topic yet so I wanted to pu…

Read More

Latest news
Related news