LC Networks Communication

Cobalt Strike 4.6 is now shipping!

2022-05-10

Cobalt Strike Release Notes:
  • Improved product security.
    • The Cobalt Strike teamserver now runs from an executable image (TeamServerImage), rather than a standard Java application.
    • The Cobalt Strike client now runs from a new jar file ('cobaltstrike-client.jar' rather than 'cobaltstrike.jar').
    • The 'TeamServerImage' and 'cobaltstrike-client.jar' files are extracted from the 'cobaltstrike.jar' as needed.
  • Increased the 1MB size limit for execute-assembly (also used by dllinject and other tasks). The maximum size can now be controlled via three new Malleable C2 profile settings.
  • Combined all kits in the Cobalt Strike arsenal into a single kit, available via the Cobalt Strike -> Help -> Arsenal menu option.
  • Added a warning message if the host parameter to the teamserver is not a known network interface on the server when connecting.
  • Fixed an issue that caused service binaries to use rundll32 rather than the spawnto value. Note that the fix for this is located in the new arsenal kit rather than the core product.
  • Fixed an issue that caused Cobalt Strike's HTTP listener to be vulnerable when URLs start with "/" as outlined in CVE-2022-23317.
  • Fixed an issue that caused metadata of a .NET assembly load to be generated when running the powerpick command.
  • Fixed an issue that was preventing an x86 foreign listener from being spawned.
  • Fixed an issue that was preventing Beacon from cleaning up the loader when the cleanup flag is used on Windows 7 SP1.
  • Fixed an issue that erroneously required an address for the string length to be passed when calling BeaconFormatToString in a BOF.
  • Fixed an issue that was causing "Net View" in the GUI to return an error while the command line "net view" worked fine.
  • Fixed an issue where a Beacon would not properly clean up memory for the loader in some cases.