The new version of Cobalt Strike 4.9 is now available for all users. This release includes several improvements to post-operation Cobalt Strike, such as Beacon exports without a reflective bootloader, official URL support in Prepend, and support for reverse calls in many built-in functions, among other updates.
Let’s take a closer look at the most significant changes in this release:
1. DLL set for post-operation Cobalt Strike now supports UDRL in Prepend. This includes the following DLLs: Browserpivot, Hashdump, InvoKeassembly, Keylogger, Mimikatz, NetView, PortScan, PowerShell, Screenshot, and Sshagent.
2. A new Aggressor Script interceptor called postex_rdll_generate has been introduced to the UDRL. This allows for the modification and replacement of the default bootloader.
3. Beacon can now be used without the export function of a reflective bootloader, which improves UDRL support in Prepend.
4. Reverse calls for several built-in functions in Aggressor Script have been added, following numerous user requests. The included functions cover various main components of the platform, such as .NET execution, the Library of .NET classes, and programming language compilers.
The .NET framework is widely used to develop desktop, web, and mobile applications, as well as games and web server services.