cobalt_strike_certificates

Previousc2_infrastructure Nextcpl_resource_runner_payload

Last updated 3 years ago

Was this helpful?

cobalt_strike_certificates

COBALT STRIKE CERTIFICATES

Self-signed Certificates with SSL Beacon The HTTPS Beacon uses the HTTP Beacon's indicators in its communication. Malleable C2 profiles may also specify parameters for the Beacon C2 server's self-signed SSL certificate. This is useful if you want to replicate an actor with unique indicators in their SSL certificate: https-certificate { set CN "bobsmalware.com"; set O "Bob's Malware"; } The certificate parameters under your profile's control are: OptionExampleDescription CUSCountry CNbeacon.cobaltstrike.comCommon Name; Your callback domain LWashingtonLocality OStrategic Cyber LLCOrganization Name OUCertificate DepartmentOrganizational Unit Name STDCState or Province validity365Number of days certificate is valid for

===========================================================

Valid SSL Certificates with SSL Beacon You have the option to use a Valid SSL certificate with Beacon. Use a Malleable C2 profile to specify a Java Keystore file and a password for the keystore. This keystore must contain your certificate's private key, the root certificate, any intermediate certificates, and the domain certificate provided by your SSL certificate vendor. Cobalt Strike expects to find the Java Keystore file in the same folder as your Malleable C2 profile.

https-certificate { set keystore "domain.store"; set password "mypassword"; } The parameters to use a valid SSL certificate are:

OptionExampleDescription keystoredomain.storeJava Keystore file with certificate information passwordmypasswordThe password to your Java Keystore Here are the steps to create a Valid SSL certificate for use with Cobalt Strike's Beacon:

Use the keytool program to create a Java Keystore file. This program will ask "What is your first and last name?" Make sure you answer with the fully qualified domain name to your Beacon server. Also, make sure you take note of the keystore password. You will need it later.

$ keytool -genkey -keyalg RSA -keysize 2048 -keystore domain.store 2. Use keytool to generate a Certificate Signing Request (CSR). You will submit this file to your SSL certificate vendor. They will verify that you are who you are and issue a certificate. Some vendors are easier and cheaper to deal with than others.

$ keytool -certreq -keyalg RSA -file domain.csr -keystore domain.store 3. Import the Root and any Intermediate Certificates that your SSL vendor provides.

$ keytool -import -trustcacerts -alias FILE -file FILE.crt -keystore domain.store 4. Finally, you must install your Domain Certificate.

$ keytool -import -trustcacerts -alias mykey -file domain.crt -keystore domain.store And, that's it. You now have a Java Keystore file that's ready to use with Cobalt Strike's Beacon.

===============================

Previousc2_infrastructure Nextcpl_resource_runner_payload

Last updated 3 years ago

Was this helpful?

COBALT STRIKE CERTIFICATES

===========================================================

https-certificate { set keystore "domain.store"; set password "mypassword"; } The parameters to use a valid SSL certificate are:

Use the keytool program to create a Java Keystore file. This program will ask "What is your first and last name?" Make sure you answer with the fully qualified domain name to your Beacon server. Also, make sure you take note of the keystore password. You will need it later.

$ keytool -certreq -keyalg RSA -file domain.csr -keystore domain.store 3. Import the Root and any Intermediate Certificates that your SSL vendor provides.

$ keytool -import -trustcacerts -alias FILE -file FILE.crt -keystore domain.store 4. Finally, you must install your Domain Certificate.

$ keytool -import -trustcacerts -alias mykey -file domain.crt -keystore domain.store And, that's it. You now have a Java Keystore file that's ready to use with Cobalt Strike's Beacon.

===============================