Technical Director, Cybersecurity at @HelpSystemsMN. Creator of Cobalt Strike for Red Team Ops. Email raffi@strategiccyber.com Always on Twitter hiatus.

Washington, DC
Joined November 2010
Dumping lsass completely in memory without touching disk. Need an exfil BOF added to BOF.NET now to get that 55MB dump straight into #CobaltStrike.
I like this hashtag. This was the impetus of Cobalt Strike. In 2012, our industry's threat model was blind to targeted attack process and post-ex steps had little interest. Goal was to change that and have threat representative security tests. blog.cobaltstrike.com/2014/1…
Yes, because we need Cobalt Strike to be even easier. #BeYourOwnAPT
A. Hacker retweeted
Put together a thing. CSSG - Cobalt Strike Shellcode Generator Aggressor script and menu system to more easily generate Beacon (and other) shellcode with various options. github.com/RCStep/CSSG
A. Hacker retweeted
I wrote a blog & proof of concept for a Beacon Object File that performs remote process injection via thread hijacking instead of spawning a new thread. This was a lot of fun & I’m glad operators who leverage Cobalt Strike can now run in-memory C tools!! connormcgarr.github.io/threa…
A. Hacker retweeted
Just released a new @OutflankNL Cobalt Strike BOF project which uses direct system calls to enumerate processes for specific loaded modules or process handles. E.g. to find open handles to LSASS or processes with CLR loaded for execute-assembly spawnto. github.com/outflanknl/FindOb…