Today we're talking about Cobalt Strike for newbs - including how to get it up and running, as well as some tools that will help you generate beacons while evading EDR at the same time! This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world.

Some helpful things mentioned in today's episode:

Wherever you spin up your CS instance, it's probably a good idea to lock down the firewall to only specific IPs. With Digital Ocean, I found this article helpful.

When generating CS listeners, the C2Concealer from FortyNorth helped me get malleable C2 profiles generated while creating a LetsEncrypt cert at the same time!

My CS beacons kept getting gobbled by AV, but the following resources helped me get some stealthy ones generated: Artifact Kit, PEzor and ScareCrow. Here's a specific ScareCrow example that flew under the EDR radar:

Scarecrow -I myrawshellcode.bin -etw -domain

PowerUpSQL is awesome for finding servers where you can run stored procedures to send your attacking box a priv'd hash to pass/capture/crack. Check out this presentation on PowerUpSQL to find vulnerable targets, then use the mssql_ntlm_stealer module in Metasploit to have fun with the account hashes. Be sure to set your domain when configuring the Metasploit module!

When trying to pop an SMB shell with relay tools, I've had problems recently with those attempts being stopped by defensive tools. Then I found this gem which talks about tweaking smbexec.py to evade AV.