Cobalt Strike, version 4.9 arrives: what changes?

Cobalt Strike, the software that allows the simulation of a cyber attack, has been updated to version 4.9.

The program, capable of emulating realistic threats, is widely used in IT contexts to test the defensive capabilities of professional infrastructures against malware attacks of various types.

To take advantage of the update, users with a regular license can download the updated software from the official website or, with Cobalt Strike already installed, perform the update directly from it.

What are the new features introduced with this new version?

Cobalt Strike’s post-exploitation features have been updated: the following post-exploitation DLLs now support prepend-style user-defined reflective loaders:

  • browserpivot
  • hashdump
  • invokeassembly
  • keylogger
  • mimikatz
  • netview
  • portscan
  • powershell
  • screenshot
  • sshagent.

Other new features introduced with the update concern callback support. The developers themselves stated: “We have received numerous requests from our users to make it easier to process the results of certain function calls. This is challenging due to the asynchronous nature of Cobalt Strike communications, but this issue has been addressed in this release by adding callbacks for several built-in functions”.

Cobalt Strike 4.9 is updated and introduces several new features

Another interesting introduction in Cobalt Strike 4.9 is WinHTTP support. As explained by the development team itself: “A new Malleable C2 group, .http-beacon, has been created. Additionally, a .http-beacon.library option has been added to allow you to set the default library used when creating a new HTTP(S) listener”.

Other news concerns host profile support for HTTPS listeners, updates in the BOF context (with three new APIs) and a more generic update regarding software security.

Regarding this last item, the developers underlined: “A change has been made to the authorization files so that they are no longer backwards compatible with previous versions of Cobalt Strike. This means that the authorization file generated when you upgrade or install version 4.9 will not work with any version 4.8”.
