CINXE.COM

<!DOCTYPE html> <html lang="en-US"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <link rel="profile" href="http://gmpg.org/xfn/11"> <meta name='robots' content='index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1' />  <title>Cobalt Strike 4.7: The 10th Anniversary Edition | Cobalt Strike</title> <meta name="description" content="Cobalt Strike 4.7 is live and contains support for SOCKS5, BOF memory fingerprint improvements and a UI overhaul." /> <link rel="canonical" href="https://www.cobaltstrike.com/blog/cobalt-strike-4-7-the-10th-anniversary-edition" /> <meta property="og:locale" content="en_US" /> <meta property="og:type" content="article" /> <meta property="og:title" content="Cobalt Strike 4.7: The 10th Anniversary Edition | Cobalt Strike" /> <meta property="og:description" content="Cobalt Strike 4.7 is live and contains support for SOCKS5, BOF memory fingerprint improvements and a UI overhaul." /> <meta property="og:url" content="https://www.cobaltstrike.com/blog/cobalt-strike-4-7-the-10th-anniversary-edition" /> <meta property="og:site_name" content="Cobalt Strike" /> <meta property="article:published_time" content="2022-08-17T18:36:01+00:00" /> <meta property="article:modified_time" content="2023-08-09T20:11:12+00:00" /> <meta property="og:image" content="https://www.cobaltstrike.com/app/uploads/2023/01/socks-1.png" /> <meta name="author" content="Greg Darwin" /> <meta name="twitter:card" content="summary_large_image" /> <meta name="twitter:creator" content="@gregdarwin" /> <meta name="twitter:label1" content="Written by" /> <meta name="twitter:data1" content="Greg Darwin" /> <meta name="twitter:label2" content="Est. reading time" /> <meta name="twitter:data2" content="12 minutes" /> <script type="application/ld+json" class="yoast-schema-graph">{"@context":"https://schema.org","@graph":[{"@type":"Article","@id":"https://www.cobaltstrike.com/blog/cobalt-strike-4-7-the-10th-anniversary-edition/#article","isPartOf":{"@id":"https://www.cobaltstrike.com/blog/cobalt-strike-4-7-the-10th-anniversary-edition/"},"author":{"name":"Greg Darwin","@id":"https://www.cobaltstrike.com/#/schema/person/be74ae01bec433d77ea65f6b757718ba"},"headline":"Cobalt Strike 4.7: The 10th Anniversary Edition","datePublished":"2022-08-17T18:36:01+00:00","dateModified":"2023-08-09T20:11:12+00:00","mainEntityOfPage":{"@id":"https://www.cobaltstrike.com/blog/cobalt-strike-4-7-the-10th-anniversary-edition/"},"wordCount":2503,"publisher":{"@id":"https://www.cobaltstrike.com/#organization"},"image":{"@id":"https://www.cobaltstrike.com/blog/cobalt-strike-4-7-the-10th-anniversary-edition/#primaryimage"},"thumbnailUrl":"https://www.cobaltstrike.com/app/uploads/2023/01/socks-1.png","inLanguage":"en-US"},{"@type":"WebPage","@id":"https://www.cobaltstrike.com/blog/cobalt-strike-4-7-the-10th-anniversary-edition/","url":"https://www.cobaltstrike.com/blog/cobalt-strike-4-7-the-10th-anniversary-edition/","name":"Cobalt Strike 4.7: The 10th Anniversary Edition | Cobalt Strike","isPartOf":{"@id":"https://www.cobaltstrike.com/#website"},"primaryImageOfPage":{"@id":"https://www.cobaltstrike.com/blog/cobalt-strike-4-7-the-10th-anniversary-edition/#primaryimage"},"image":{"@id":"https://www.cobaltstrike.com/blog/cobalt-strike-4-7-the-10th-anniversary-edition/#primaryimage"},"thumbnailUrl":"https://www.cobaltstrike.com/app/uploads/2023/01/socks-1.png","datePublished":"2022-08-17T18:36:01+00:00","dateModified":"2023-08-09T20:11:12+00:00","description":"Cobalt Strike 4.7 is live and contains support for SOCKS5, BOF memory fingerprint improvements and a UI overhaul.","breadcrumb":{"@id":"https://www.cobaltstrike.com/blog/cobalt-strike-4-7-the-10th-anniversary-edition/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https://www.cobaltstrike.com/blog/cobalt-strike-4-7-the-10th-anniversary-edition/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https://www.cobaltstrike.com/blog/cobalt-strike-4-7-the-10th-anniversary-edition/#primaryimage","url":"https://www.cobaltstrike.com/app/uploads/2023/01/socks-1.png","contentUrl":"https://www.cobaltstrike.com/app/uploads/2023/01/socks-1.png","width":698,"height":309},{"@type":"BreadcrumbList","@id":"https://www.cobaltstrike.com/blog/cobalt-strike-4-7-the-10th-anniversary-edition/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.cobaltstrike.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"/blog/"},{"@type":"ListItem","position":3,"name":"Cobalt Strike 4.7: The 10th Anniversary Edition"}]},{"@type":"WebSite","@id":"https://www.cobaltstrike.com/#website","url":"https://www.cobaltstrike.com/","name":"Cobalt Strike","description":"Adversary Simulation and Red Team Operations","publisher":{"@id":"https://www.cobaltstrike.com/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https://www.cobaltstrike.com/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https://www.cobaltstrike.com/#organization","name":"Cobalt Strike","url":"https://www.cobaltstrike.com/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https://www.cobaltstrike.com/#/schema/logo/image/","url":"https://www.cobaltstrike.com/app/uploads/2023/06/fta-cobalt-strike-light-1.svg","contentUrl":"https://www.cobaltstrike.com/app/uploads/2023/06/fta-cobalt-strike-light-1.svg","width":242,"height":73,"caption":"Cobalt Strike"},"image":{"@id":"https://www.cobaltstrike.com/#/schema/logo/image/"}},{"@type":"Person","@id":"https://www.cobaltstrike.com/#/schema/person/be74ae01bec433d77ea65f6b757718ba","name":"Greg Darwin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https://www.cobaltstrike.com/#/schema/person/image/","url":"https://secure.gravatar.com/avatar/02192e93b380698a6375c77456dc7cc2?s=96&d=mm&r=g","contentUrl":"https://secure.gravatar.com/avatar/02192e93b380698a6375c77456dc7cc2?s=96&d=mm&r=g","caption":"Greg Darwin"},"description":"Greg Darwin is the software development manager for Cobalt Strike, by Fortra. He is responsible for all R&D activities related to the product. He spent about a year working closely with founder Raphael Mudge after Fortra acquired Cobalt Strike and continues to prioritize the foundational principles of Cobalt Strike: stability and flexibility. Greg writes about Cobalt Strike's roadmap, new releases, and more.","sameAs":["https://dev-cobalt-strike-archive.pantheonsite.io","https://x.com/gregdarwin"],"url":"https://www.cobaltstrike.com/author/gdarwin"}]}</script>  <link rel='dns-prefetch' href='//www.cobaltstrike.com' /> <link rel="alternate" type="application/rss+xml" title="Cobalt Strike » Feed" href="https://www.cobaltstrike.com/feed" /> <script> window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"https:\/\/www.cobaltstrike.com\/wp\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.6.2"}}; /*! This file is auto-generated */ !function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0),new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data));return t.every(function(e,t){return e===r[t]})}function u(e,t,n){switch(t){case"flag":return n(e,"\ud83c\udff3\ufe0f\u200d\u26a7\ufe0f","\ud83c\udff3\ufe0f\u200b\u26a7\ufe0f")?!1:!n(e,"\ud83c\uddfa\ud83c\uddf3","\ud83c\uddfa\u200b\ud83c\uddf3")&&!n(e,"\ud83c\udff4\udb40\udc67\udb40\udc62\udb40\udc65\udb40\udc6e\udb40\udc67\udb40\udc7f","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!n(e,"\ud83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.supportTests)return e.supportTests}catch(e){}return null}();if(!n){if("undefined"!=typeof Worker&&"undefined"!=typeof OffscreenCanvas&&"undefined"!=typeof URL&&URL.createObjectURL&&"undefined"!=typeof Blob)try{var e="postMessage("+f.toString()+"("+[JSON.stringify(s),u.toString(),p.toString()].join(",")+"));",r=new Blob([e],{type:"text/javascript"}),a=new Worker(URL.createObjectURL(r),{name:"wpTestEmojiSupports"});return void(a.onmessage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything||(n.readyCallback(),(e=n.source||{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings); </script> <style id='wp-emoji-styles-inline-css'> img.wp-smiley, img.emoji { display: inline !important; border: none !important; box-shadow: none !important; height: 1em !important; width: 1em !important; margin: 0 0.07em !important; vertical-align: -0.1em !important; background: none !important; padding: 0 !important; } </style> <link rel='stylesheet' id='wp-block-library-css' href='https://www.cobaltstrike.com/wp/wp-includes/css/dist/block-library/style.min.css?ver=6.6.2' media='all' /> <link rel='stylesheet' id='basic-card-style-css' href='https://www.cobaltstrike.com/app/themes/helpsystems/blocks/basic-card/style.min.css?ver=6.6.2' media='all' /> <link rel='stylesheet' id='card-carousel-style-css' href='https://www.cobaltstrike.com/app/themes/helpsystems/blocks/card-carousel/style.min.css?ver=6.6.2' media='all' /> <link rel='stylesheet' id='checklist-style-css' href='https://www.cobaltstrike.com/app/themes/helpsystems/blocks/checklist/style.min.css?ver=6.6.2' media='all' /> <link rel='stylesheet' id='checkmark-style-css' href='https://www.cobaltstrike.com/app/themes/helpsystems/blocks/checkmark/style.min.css?ver=6.6.2' media='all' /> <link rel='stylesheet' id='diagonal-icons-style-css' href='https://www.cobaltstrike.com/app/themes/helpsystems/blocks/diagonal-icons/style.min.css?ver=6.6.2' media='all' /> <link rel='stylesheet' id='embed-form-style-css' href='https://www.cobaltstrike.com/app/themes/helpsystems/blocks/embed-form/style.min.css?ver=6.6.2' media='all' /> <link rel='stylesheet' id='event-style-css' href='https://www.cobaltstrike.com/app/themes/helpsystems/blocks/event/style.min.css?ver=6.6.2' media='all' /> <link rel='stylesheet' id='faq-style-css' href='https://www.cobaltstrike.com/app/themes/helpsystems/blocks/faq/style.min.css?ver=6.6.2' media='all' /> <link rel='stylesheet' id='image-carousel-style-css' href='https://www.cobaltstrike.com/app/themes/helpsystems/blocks/image-carousel/style.min.css?ver=6.6.2' media='all' /> <link rel='stylesheet' id='large-circle-icons-style-css' href='https://www.cobaltstrike.com/app/themes/helpsystems/blocks/large-circle-icons/style.min.css?ver=6.6.2' media='all' /> <link rel='stylesheet' id='logo-carousel-style-css' href='https://www.cobaltstrike.com/app/themes/helpsystems/blocks/logo-carousel/style.min.css?ver=6.6.2' media='all' /> <link rel='stylesheet' id='resource-style-css' href='https://www.cobaltstrike.com/app/themes/helpsystems/blocks/resource/style.min.css?ver=6.6.2' media='all' /> <link rel='stylesheet' id='tab-style-css' href='https://www.cobaltstrike.com/app/themes/helpsystems/blocks/tab/style.min.css?ver=6.6.2' media='all' /> <link rel='stylesheet' id='testimonial-style-css' href='https://www.cobaltstrike.com/app/themes/helpsystems/blocks/testimonial/style.min.css?ver=6.6.2' media='all' /> <link rel='stylesheet' id='testimonial-carousel-style-css' href='https://www.cobaltstrike.com/app/themes/helpsystems/blocks/testimonial-carousel/style.min.css?ver=6.6.2' media='all' /> <link rel='stylesheet' id='vertical-dot-line-style-css' href='https://www.cobaltstrike.com/app/themes/helpsystems/blocks/vertical-dot-line/style.min.css?ver=6.6.2' media='all' /> <link rel='stylesheet' id='vertical-timeline-left-style-css' href='https://www.cobaltstrike.com/app/themes/helpsystems/blocks/vertical-timeline-left/style.min.css?ver=6.6.2' media='all' /> <link rel='stylesheet' id='vertical-timeline-right-style-css' href='https://www.cobaltstrike.com/app/themes/helpsystems/blocks/vertical-timeline-right/style.min.css?ver=6.6.2' media='all' /> <style id='global-styles-inline-css'> :root{--wp--preset--aspect-ratio--square: 1;--wp--preset--aspect-ratio--4-3: 4/3;--wp--preset--aspect-ratio--3-4: 3/4;--wp--preset--aspect-ratio--3-2: 3/2;--wp--preset--aspect-ratio--2-3: 2/3;--wp--preset--aspect-ratio--16-9: 16/9;--wp--preset--aspect-ratio--9-16: 9/16;--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color--pale-cyan-blue: #8ed1fc;--wp--preset--color--vivid-cyan-blue: #0693e3;--wp--preset--color--vivid-purple: #9b51e0;--wp--preset--color--lichen: #70A59A;--wp--preset--color--fern: #4D7F71;--wp--preset--color--forest: #006A56;--wp--preset--color--dusk: #004442;--wp--preset--color--sky: #8FE5F2;--wp--preset--color--cream: #E3E3E3;--wp--preset--color--mint: #77ECC2;--wp--preset--color--beige: #EBDBC1;--wp--preset--color--blue: #11719C;--wp--preset--color--navy: #004667;--wp--preset--color--gray: #A9A9A9;--wp--preset--color--charchoal: #363e49;--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple: linear-gradient(135deg,rgba(6,147,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradient(135deg,rgba(252,185,0,1) 0%,rgba(255,105,0,1) 100%);--wp--preset--gradient--luminous-vivid-orange-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-warm-spectrum: linear-gradient(135deg,rgb(74,234,220) 0%,rgb(151,120,209) 20%,rgb(207,42,186) 40%,rgb(238,44,130) 60%,rgb(251,105,98) 80%,rgb(254,248,76) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--wp--preset--gradient--luminous-dusk: linear-gradient(135deg,rgb(255,203,112) 0%,rgb(199,81,192) 50%,rgb(65,88,208) 100%);--wp--preset--gradient--pale-ocean: linear-gradient(135deg,rgb(255,245,203) 0%,rgb(182,227,212) 50%,rgb(51,167,181) 100%);--wp--preset--gradient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 5.06rem;--wp--preset--shadow--natural: 6px 6px 9px rgba(0, 0, 0, 0.2);--wp--preset--shadow--deep: 12px 12px 50px rgba(0, 0, 0, 0.4);--wp--preset--shadow--sharp: 6px 6px 0px rgba(0, 0, 0, 0.2);--wp--preset--shadow--outlined: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:root { --wp--style--global--content-size: 1100px;--wp--style--global--wide-size: 1100px; }:where(body) { margin: 0; }.wp-site-blocks > .alignleft { float: left; margin-right: 2em; }.wp-site-blocks > .alignright { float: right; margin-left: 2em; }.wp-site-blocks > .aligncenter { justify-content: center; margin-left: auto; margin-right: auto; }:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}.is-layout-flow > .alignleft{float: left;margin-inline-start: 0;margin-inline-end: 2em;}.is-layout-flow > .alignright{float: right;margin-inline-start: 2em;margin-inline-end: 0;}.is-layout-flow > .aligncenter{margin-left: auto !important;margin-right: auto !important;}.is-layout-constrained > .alignleft{float: left;margin-inline-start: 0;margin-inline-end: 2em;}.is-layout-constrained > .alignright{float: right;margin-inline-start: 2em;margin-inline-end: 0;}.is-layout-constrained > .aligncenter{margin-left: auto !important;margin-right: auto !important;}.is-layout-constrained > :where(:not(.alignleft):not(.alignright):not(.alignfull)){max-width: var(--wp--style--global--content-size);margin-left: auto !important;margin-right: auto !important;}.is-layout-constrained > .alignwide{max-width: var(--wp--style--global--wide-size);}body .is-layout-flex{display: flex;}.is-layout-flex{flex-wrap: wrap;align-items: center;}.is-layout-flex > :is(*, div){margin: 0;}body .is-layout-grid{display: grid;}.is-layout-grid > :is(*, div){margin: 0;}body{padding-top: 0px;padding-right: 0px;padding-bottom: 0px;padding-left: 0px;}a:where(:not(.wp-element-button)){text-decoration: underline;}:root :where(.wp-element-button, .wp-block-button__link){background-color: #006A56;border-width: 0;color: #ffffff;font-family: inherit;font-size: inherit;line-height: inherit;padding: calc(0.667em + 2px) calc(1.333em + 2px);text-decoration: none;}:root :where(.wp-element-button:hover, .wp-block-button__link:hover){background-color: #004442;color: #ffffff;}:root :where(.wp-element-button:focus, .wp-block-button__link:focus){background-color: #004442;color: #ffffff;}:root :where(.wp-element-button:active, .wp-block-button__link:active){background-color: #004442;color: #ffffff;}.has-black-color{color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-color{color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-color{color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-color{color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-color{color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-color{color: var(--wp--preset--color--vivid-purple) !important;}.has-lichen-color{color: var(--wp--preset--color--lichen) !important;}.has-fern-color{color: var(--wp--preset--color--fern) !important;}.has-forest-color{color: var(--wp--preset--color--forest) !important;}.has-dusk-color{color: var(--wp--preset--color--dusk) !important;}.has-sky-color{color: var(--wp--preset--color--sky) !important;}.has-cream-color{color: var(--wp--preset--color--cream) !important;}.has-mint-color{color: var(--wp--preset--color--mint) !important;}.has-beige-color{color: var(--wp--preset--color--beige) !important;}.has-blue-color{color: var(--wp--preset--color--blue) !important;}.has-navy-color{color: var(--wp--preset--color--navy) !important;}.has-gray-color{color: var(--wp--preset--color--gray) !important;}.has-charchoal-color{color: var(--wp--preset--color--charchoal) !important;}.has-black-background-color{background-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-background-color{background-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-background-color{background-color: var(--wp--preset--color--white) !important;}.has-pale-pink-background-color{background-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-background-color{background-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-background-color{background-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-background-color{background-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-background-color{background-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-background-color{background-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-background-color{background-color: var(--wp--preset--color--vivid-purple) !important;}.has-lichen-background-color{background-color: var(--wp--preset--color--lichen) !important;}.has-fern-background-color{background-color: var(--wp--preset--color--fern) !important;}.has-forest-background-color{background-color: var(--wp--preset--color--forest) !important;}.has-dusk-background-color{background-color: var(--wp--preset--color--dusk) !important;}.has-sky-background-color{background-color: var(--wp--preset--color--sky) !important;}.has-cream-background-color{background-color: var(--wp--preset--color--cream) !important;}.has-mint-background-color{background-color: var(--wp--preset--color--mint) !important;}.has-beige-background-color{background-color: var(--wp--preset--color--beige) !important;}.has-blue-background-color{background-color: var(--wp--preset--color--blue) !important;}.has-navy-background-color{background-color: var(--wp--preset--color--navy) !important;}.has-gray-background-color{background-color: var(--wp--preset--color--gray) !important;}.has-charchoal-background-color{background-color: var(--wp--preset--color--charchoal) !important;}.has-black-border-color{border-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-border-color{border-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-border-color{border-color: var(--wp--preset--color--white) !important;}.has-pale-pink-border-color{border-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-border-color{border-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-border-color{border-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-border-color{border-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-border-color{border-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-border-color{border-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-border-color{border-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-border-color{border-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-border-color{border-color: var(--wp--preset--color--vivid-purple) !important;}.has-lichen-border-color{border-color: var(--wp--preset--color--lichen) !important;}.has-fern-border-color{border-color: var(--wp--preset--color--fern) !important;}.has-forest-border-color{border-color: var(--wp--preset--color--forest) !important;}.has-dusk-border-color{border-color: var(--wp--preset--color--dusk) !important;}.has-sky-border-color{border-color: var(--wp--preset--color--sky) !important;}.has-cream-border-color{border-color: var(--wp--preset--color--cream) !important;}.has-mint-border-color{border-color: var(--wp--preset--color--mint) !important;}.has-beige-border-color{border-color: var(--wp--preset--color--beige) !important;}.has-blue-border-color{border-color: var(--wp--preset--color--blue) !important;}.has-navy-border-color{border-color: var(--wp--preset--color--navy) !important;}.has-gray-border-color{border-color: var(--wp--preset--color--gray) !important;}.has-charchoal-border-color{border-color: var(--wp--preset--color--charchoal) !important;}.has-vivid-cyan-blue-to-vivid-purple-gradient-background{background: var(--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple) !important;}.has-light-green-cyan-to-vivid-green-cyan-gradient-background{background: var(--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan) !important;}.has-luminous-vivid-amber-to-luminous-vivid-orange-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange) !important;}.has-luminous-vivid-orange-to-vivid-red-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-orange-to-vivid-red) !important;}.has-very-light-gray-to-cyan-bluish-gray-gradient-background{background: var(--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray) !important;}.has-cool-to-warm-spectrum-gradient-background{background: var(--wp--preset--gradient--cool-to-warm-spectrum) !important;}.has-blush-light-purple-gradient-background{background: var(--wp--preset--gradient--blush-light-purple) !important;}.has-blush-bordeaux-gradient-background{background: var(--wp--preset--gradient--blush-bordeaux) !important;}.has-luminous-dusk-gradient-background{background: var(--wp--preset--gradient--luminous-dusk) !important;}.has-pale-ocean-gradient-background{background: var(--wp--preset--gradient--pale-ocean) !important;}.has-electric-grass-gradient-background{background: var(--wp--preset--gradient--electric-grass) !important;}.has-midnight-gradient-background{background: var(--wp--preset--gradient--midnight) !important;}.has-small-font-size{font-size: var(--wp--preset--font-size--small) !important;}.has-medium-font-size{font-size: var(--wp--preset--font-size--medium) !important;}.has-large-font-size{font-size: var(--wp--preset--font-size--large) !important;}.has-x-large-font-size{font-size: var(--wp--preset--font-size--x-large) !important;} :where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;} :where(.wp-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;} :root :where(.wp-block-pullquote){font-size: 1.5em;line-height: 1.6;} </style> <link rel='stylesheet' id='understrap-styles-css' href='https://www.cobaltstrike.com/app/themes/helpsystems/css/style.min.css?ver=1' media='all' /> <link rel='stylesheet' id='swiper-css' href='https://www.cobaltstrike.com/app/themes/helpsystems/js/swiper/swiper-bundle.min.css?ver=8.4.4' media='all' /> <link rel='stylesheet' id='dashicons-css' href='https://www.cobaltstrike.com/wp/wp-includes/css/dashicons.min.css?ver=6.6.2' media='all' /> <script src="https://www.cobaltstrike.com/wp/wp-includes/js/jquery/jquery.min.js?ver=3.7.1" id="jquery-core-js"></script> <script src="https://www.cobaltstrike.com/wp/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1" id="jquery-migrate-js"></script> <script src="https://www.cobaltstrike.com/app/themes/helpsystems/js/popper.min.js?ver=6.6.2" id="popper-js-js"></script> <script src="https://www.cobaltstrike.com/app/themes/helpsystems/js/bootstrap.bundle.min.js?ver=6.6.2" id="bootstrap4-js-js"></script> <script src="https://www.cobaltstrike.com/app/themes/helpsystems/js/shuffle.min.js?ver=6.6.2" id="shuffle-js-js"></script> <script src="https://www.cobaltstrike.com/app/themes/helpsystems/js/custom-javascript.js?ver=1" id="understrap-js-js"></script> <script src="https://www.cobaltstrike.com/app/themes/helpsystems/js/swiper/swiper-bundle.min.js?ver=8.4.4" id="swiper-js"></script> <link rel="https://api.w.org/" href="https://www.cobaltstrike.com/wp-json/" /><link rel="alternate" title="JSON" type="application/json" href="https://www.cobaltstrike.com/wp-json/wp/v2/posts/2866" /><link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://www.cobaltstrike.com/wp/xmlrpc.php?rsd" /> <meta name="generator" content="WordPress 6.6.2" /> <link rel='shortlink' href='https://www.cobaltstrike.com/?p=2866' /> <link rel="alternate" title="oEmbed (JSON)" type="application/json+oembed" href="https://www.cobaltstrike.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.cobaltstrike.com%2Fblog%2Fcobalt-strike-4-7-the-10th-anniversary-edition" /> <link rel="alternate" title="oEmbed (XML)" type="text/xml+oembed" href="https://www.cobaltstrike.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.cobaltstrike.com%2Fblog%2Fcobalt-strike-4-7-the-10th-anniversary-edition&format=xml" /> <meta name="mobile-web-app-capable" content="yes"> <meta name="apple-mobile-web-app-capable" content="yes"> <meta name="apple-mobile-web-app-title" content="Cobalt Strike - Adversary Simulation and Red Team Operations"> <style type="text/css" id="filter-everything-inline-css">.wpc-orderby-select{width:100%}.wpc-filters-open-button-container{display:none}.wpc-debug-message{padding:16px;font-size:14px;border:1px dashed #ccc;margin-bottom:20px}.wpc-debug-title{visibility:hidden}.wpc-button-inner,.wpc-chip-content{display:flex;align-items:center}.wpc-icon-html-wrapper{position:relative;margin-right:10px;top:2px}.wpc-icon-html-wrapper span{display:block;height:1px;width:18px;border-radius:3px;background:#2c2d33;margin-bottom:4px;position:relative}span.wpc-icon-line-1:after,span.wpc-icon-line-2:after,span.wpc-icon-line-3:after{content:"";display:block;width:3px;height:3px;border:1px solid #2c2d33;background-color:#fff;position:absolute;top:-2px;box-sizing:content-box}span.wpc-icon-line-3:after{border-radius:50%;left:2px}span.wpc-icon-line-1:after{border-radius:50%;left:5px}span.wpc-icon-line-2:after{border-radius:50%;left:12px}body .wpc-filters-open-button-container a.wpc-filters-open-widget,body .wpc-filters-open-button-container a.wpc-open-close-filters-button{display:inline-block;text-align:left;border:1px solid #2c2d33;border-radius:2px;line-height:1.5;padding:7px 12px;background-color:transparent;color:#2c2d33;box-sizing:border-box;text-decoration:none!important;font-weight:400;transition:none;position:relative}@media screen and (max-width:768px){.wpc_show_bottom_widget .wpc-filters-open-button-container,.wpc_show_open_close_button .wpc-filters-open-button-container{display:block}.wpc_show_bottom_widget .wpc-filters-open-button-container{margin-top:1em;margin-bottom:1em}}</style> <div id="consent_blackbar"></div> <div style="display:none;" id="teconsent"></div> <style> #teconsent { display: none !important; } </style>  <script async="async" src="https://consent.trustarc.com/notice?domain=helpsystems.com&c=teconsent&gtm=1&js=nj&noticeType=bb&text=true&pn=2&cookieLink=https://www.helpsystems.com/cookie-policy&privacypolicylink=https://www.helpsystems.com/privacy-policy" crossorigin=""></script> <script> var __dispatched__ = {}; //Map of previously dispatched preference levels /* First step is to register with the CM API to receive callbacks when a preference update occurs. You must wait for the CM API (PrivacyManagerAPI object) to exist on the page before registering. */ var __i__ = self.postMessage && setInterval(function() { if (self.PrivacyManagerAPI && __i__) { var apiObject = { PrivacyManagerAPI: { action: "getConsentDecision", timestamp: new Date().getTime(), self: self.location.host } }; self.top.postMessage(JSON.stringify(apiObject), "*"); __i__ = clearInterval(__i__); } }, 50); /* Callbacks will occur in the form of a PostMessage event. This code listens for the appropriately formatted PostMessage event, gets the new consent decision, and then pushes the events into the GTM framework. Once the event is submitted, that consent decision is marked in the 'dispatched' map so it does not occur more than once. */ self.addEventListener("message", function(e, d) { try { if (e.data && (d = JSON.parse(e.data)) && (d = d.PrivacyManagerAPI) && d.capabilities && d.action == "getConsentDecision") { var newDecision = self.PrivacyManagerAPI.callApi("getGDPRConsentDecision", self.location.host).consentDecision; newDecision && newDecision.forEach(function(label) { if (!__dispatched__[label]) { self.dataLayer && self.dataLayer.push({ "event": "GDPR Pref Allows " + label }); __dispatched__[label] = 1; } }); } } catch (xx) { /** not a cm api message **/ } }); self.addEventListener("message", function(e, d) { var notice_behavior = getCookie('notice_behavior'); var cmapi_cookie_privacy = getCookie('cmapi_cookie_privacy'); if ((notice_behavior.indexOf('us') > -1 && (document.cookie.indexOf('cmapi_cookie_privacy') < 0 || cmapi_cookie_privacy.indexOf(2) > -1)) || (notice_behavior.indexOf('eu') > -1 && cmapi_cookie_privacy.indexOf(2) > -1)) { vwoConsent(); } }); function getCookie(cname) { let name = cname + "="; let decodedCookie = decodeURIComponent(document.cookie); let ca = decodedCookie.split(';'); for(let i = 0; i <ca.length; i++) { let c = ca[i]; while (c.charAt(0) == ' ') { c = c.substring(1); } if (c.indexOf(name) == 0) { return c.substring(name.length, c.length); } } return ""; } </script>   <link rel="preconnect" href="https://dev.visualwebsiteoptimizer.com" /> <script type='text/javascript' id='vwoCode'> window._vwo_code || (function() { var account_id=697207, version=2.1, settings_tolerance=2000, hide_element='body', hide_element_style = 'opacity:0 !important;filter:alpha(opacity=0) !important;background:none !important', /* DO NOT EDIT BELOW THIS LINE */ f=false,w=window,d=document,v=d.querySelector('#vwoCode'),cK='_vwo_'+account_id+'_settings',cc={};try{var c=JSON.parse(localStorage.getItem('_vwo_'+account_id+'_config'));cc=c&&typeof c==='object'?c:{}}catch(e){}var stT=cc.stT==='session'?w.sessionStorage:w.localStorage;code={use_existing_jquery:function(){return typeof use_existing_jquery!=='undefined'?use_existing_jquery:undefined},library_tolerance:function(){return typeof library_tolerance!=='undefined'?library_tolerance:undefined},settings_tolerance:function(){return cc.sT||settings_tolerance},hide_element_style:function(){return'{'+(cc.hES||hide_element_style)+'}'},hide_element:function(){if(performance.getEntriesByName('first-contentful-paint')[0]){return''}return typeof cc.hE==='string'?cc.hE:hide_element},getVersion:function(){return version},finish:function(e){if(!f){f=true;var t=d.getElementById('_vis_opt_path_hides');if(t)t.parentNode.removeChild(t);if(e)(new Image).src='https://dev.visualwebsiteoptimizer.com/ee.gif?a='+account_id+e}},finished:function(){return f},addScript:function(e){var t=d.createElement('script');t.type='text/javascript';if(e.src){t.src=e.src}else{t.text=e.text}d.getElementsByTagName('head')[0].appendChild(t)},load:function(e,t){var i=this.getSettings(),n=d.createElement('script'),r=this;t=t||{};if(i){n.textContent=i;d.getElementsByTagName('head')[0].appendChild(n);if(!w.VWO||VWO.caE){stT.removeItem(cK);r.load(e)}}else{var o=new XMLHttpRequest;o.open('GET',e,true);o.withCredentials=!t.dSC;o.responseType=t.responseType||'text';o.onload=function(){if(t.onloadCb){return t.onloadCb(o,e)}if(o.status===200){_vwo_code.addScript({text:o.responseText})}else{_vwo_code.finish('&e=loading_failure:'+e)}};o.onerror=function(){if(t.onerrorCb){return t.onerrorCb(e)}_vwo_code.finish('&e=loading_failure:'+e)};o.send()}},getSettings:function(){try{var e=stT.getItem(cK);if(!e){return}e=JSON.parse(e);if(Date.now()>e.e){stT.removeItem(cK);return}return e.s}catch(e){return}},init:function(){if(d.URL.indexOf('__vwo_disable__')>-1)return;var e=this.settings_tolerance();w._vwo_settings_timer=setTimeout(function(){_vwo_code.finish();stT.removeItem(cK)},e);var t;if(this.hide_element()!=='body'){t=d.createElement('style');var i=this.hide_element(),n=i?i+this.hide_element_style():'',r=d.getElementsByTagName('head')[0];t.setAttribute('id','_vis_opt_path_hides');v&&t.setAttribute('nonce',v.nonce);t.setAttribute('type','text/css');if(t.styleSheet)t.styleSheet.cssText=n;else t.appendChild(d.createTextNode(n));r.appendChild(t)}else{t=d.getElementsByTagName('head')[0];var n=d.createElement('div');n.style.cssText='z-index: 2147483647 !important;position: fixed !important;left: 0 !important;top: 0 !important;width: 100% !important;height: 100% !important;background: white !important;';n.setAttribute('id','_vis_opt_path_hides');n.classList.add('_vis_hide_layer');t.parentNode.insertBefore(n,t.nextSibling)}var o='https://dev.visualwebsiteoptimizer.com/j.php?a='+account_id+'&u='+encodeURIComponent(d.URL)+'&vn='+version;if(w.location.search.indexOf('_vwo_xhr')!==-1){this.addScript({src:o})}else{this.load(o+'&x=true')}}};w._vwo_code=code;code.init();})(); </script>   <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-NN4FLFJ'); </script> <link rel="icon" href="https://www.cobaltstrike.com/app/uploads/2023/06/cropped-android-chrome-512x512-2-32x32.png" sizes="32x32" /> <link rel="icon" href="https://www.cobaltstrike.com/app/uploads/2023/06/cropped-android-chrome-512x512-2-192x192.png" sizes="192x192" /> <link rel="apple-touch-icon" href="https://www.cobaltstrike.com/app/uploads/2023/06/cropped-android-chrome-512x512-2-180x180.png" /> <meta name="msapplication-TileImage" content="https://www.cobaltstrike.com/app/uploads/2023/06/cropped-android-chrome-512x512-2-270x270.png" /> <style id="wp-custom-css"> @media (max-width: 768px) { header #search-box { transform: translateY(40px); } } @media (min-width: 768px) { header #search-box { transform: translateY(-100px); } } .hs-checklist-wrapper .checklist-page-link{ text-decoration: none; } .checklist-page-link:hover .hs-checklist__item{ border-left-color: #77ecc2; } </style> </head> <body class="post-template-default single single-post postid-2866 single-format-standard wp-custom-logo wp-embed-responsive group-blog understrap-has-sidebar">  <noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-NN4FLFJ" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>  <div class="site" id="page">  <header id="wrapper-navbar" class="sticky-top"> <a class="skip-link sr-only sr-only-focusable" href="#content">Skip to content</a> <nav id="main-nav" class="navbar navbar-expand-lg navbar-dark pb-lg-0" aria-labelledby="main-nav-label"> <div class="logo-container"> <a href="https://www.cobaltstrike.com/"> <span class="fortra-logo base-logo"> <img src="https://static.fortra.com/fortra-global-assets/fortra-logo-full.svg" width="150" height="24" alt="Fortra" class="logo-full" /> <img src="https://www.cobaltstrike.com/app/themes/helpsystems/img/fortra-delta-white.svg" style="width:33px" alt="fortra mobile logo" class="logo-small"/> </span> <span class="product-logo base-logo"> <img width="200" src="https://www.cobaltstrike.com/app/uploads/2023/06/fta-cobalt-strike-light-1.svg" alt="Cobalt Strike"/> </span> </a> </div> <ul id="top-menu" class="ml-auto navbar-nav"><li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-5494" class="menu-item-5494 nav-item"><a title="Fortra.com" target="_blank" rel="noopener noreferrer" href="https://www.fortra.com/?utm_source=coresecurity.com&utm_medium=referral&utm_campaign=fortra_secondarynav_link" class="nav-link text-nowrap menu-item menu-item-type-custom menu-item-object-custom">Fortra.com</a></li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-2236" class="menu-item-2236 nav-item"><a title="Blog" href="/blog" class="nav-link text-nowrap menu-item menu-item-type-custom menu-item-object-custom">Blog</a></li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-2239" class="menu-item-2239 nav-item"><a title="Download" target="_blank" rel="noopener noreferrer" href="https://download.cobaltstrike.com/download" class="nav-link text-nowrap menu-item menu-item-type-custom menu-item-object-custom">Download</a></li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-2237" class="menu-item-2237 nav-item"><a title="Contact Us" href="/contact-us" class="nav-link text-nowrap menu-item menu-item-type-custom menu-item-object-custom">Contact Us</a></li> </ul> <button class="navbar-toggler border-0" type="button" data-toggle="collapse" data-target="#navbarNavDropdown" aria-controls="navbarNavDropdown" aria-expanded="false" aria-label="Toggle navigation" > <span class="fas fa-bars fa-lg text-white"></span> </button> </nav> <nav id="main-nav" class="navbar navbar-bottom navbar-expand-lg navbar-dark pb-lg-0" aria-labelledby="main-nav-label"> <div class="container-fluid pr-lg-0 d-flex align-items-lg-end"> <h2 id="main-nav-label" class="screen-reader-text"> Main Navigation </h2>  <div id="navbarNavDropdown" class="collapse navbar-collapse"><ul id="main-menu" class="navbar-nav ml-auto mb-2"><li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-2231" class="menu-btn is-style-btn-2 menu-item menu-item-type-custom menu-item-object-custom menu-item-2231 nav-item"><a title="REQUEST PRICING" href="/product/quote-request" class="nav-link text-nowrap mx-1 text-uppercase">REQUEST PRICING</a></li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-4540" class="has-mega-menu menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children dropdown menu-item-4540 nav-item"><a title="Product" href="/product" aria-haspopup="true" aria-expanded="false" class="dropdown-toggle nav-link text-nowrap mx-1 text-uppercase" id="menu-item-dropdown-4540">Product</a> <ul class="dropdown-menu" aria-labelledby="menu-item-dropdown-4540" > <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-4350" class="header menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children dropdown menu-item-4350 nav-item"><a title="Features" href="#" class="dropdown-item">Features</a> <ul class="dropdown-menu" aria-labelledby="menu-item-dropdown-4540" > <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-4349" class="blue-caret menu-item menu-item-type-post_type menu-item-object-page menu-item-4349 nav-item"><a title="Beacon" href="https://www.cobaltstrike.com/product/features/beacon" class="dropdown-item">Beacon</a></li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-5959" class="blue-caret menu-item menu-item-type-post_type menu-item-object-page menu-item-5959 nav-item"><a title="Malleable C2" href="https://www.cobaltstrike.com/product/features/malleable-c2" class="dropdown-item">Malleable C2</a></li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-4348" class="blue-caret menu-item menu-item-type-post_type menu-item-object-page menu-item-4348 nav-item"><a title="Interoperability" href="https://www.cobaltstrike.com/product/features/interoperability" class="dropdown-item">Interoperability</a></li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-4351" class="blue-caret menu-item menu-item-type-post_type menu-item-object-page menu-item-4351 nav-item"><a title="Community" href="https://www.cobaltstrike.com/product/features/community" class="dropdown-item">Community</a></li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-4457" class="blue-caret menu-item menu-item-type-post_type menu-item-object-page menu-item-4457 nav-item"><a title="Flexibility" href="https://www.cobaltstrike.com/product/features/flexibility" class="dropdown-item">Flexibility</a></li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-5450" class="blue-caret menu-item menu-item-type-post_type menu-item-object-page menu-item-5450 nav-item"><a title="UDRL" href="https://www.cobaltstrike.com/product/features/user-defined-reflective-loader" class="dropdown-item">UDRL</a></li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-2232" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-2232 nav-item"><a title="View More Features >" href="/product/features/" class="dropdown-item">View More Features ></a></li> </ul> </li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-4352" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children dropdown menu-item-4352 nav-item"><a title="Interoperability" href="#" class="dropdown-item">Interoperability</a> <ul class="dropdown-menu" aria-labelledby="menu-item-dropdown-4540" > <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-4353" class="blue-caret menu-item menu-item-type-post_type menu-item-object-page menu-item-4353 nav-item"><a title="Core Impact" href="https://www.cobaltstrike.com/product/core-impact" class="dropdown-item">Core Impact</a></li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-4355" class="blue-caret menu-item menu-item-type-post_type menu-item-object-page menu-item-4355 nav-item"><a title="Outflank Security Tooling" href="https://www.cobaltstrike.com/product/outflank-security-tooling" class="dropdown-item">Outflank Security Tooling</a></li> </ul> </li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-4356" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children dropdown menu-item-4356 nav-item"><a title="Bundles" href="#" class="dropdown-item">Bundles</a> <ul class="dropdown-menu" aria-labelledby="menu-item-dropdown-4540" > <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-4358" class="blue-caret menu-item menu-item-type-custom menu-item-object-custom menu-item-4358 nav-item"><a title="Cobalt Strike + Core Impact" href="/resources/datasheets/advanced-bundle/" class="dropdown-item">Cobalt Strike + Core Impact</a></li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-4359" class="blue-caret menu-item menu-item-type-custom menu-item-object-custom menu-item-4359 nav-item"><a title="Cobalt Strike + Outflank Security Tooling" href="/resources/datasheets/red-team-bundle/" class="dropdown-item">Cobalt Strike + Outflank Security Tooling</a></li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-4360" class="blue-caret menu-item menu-item-type-custom menu-item-object-custom menu-item-4360 nav-item"><a title="Cobalt Strike, Core Impact, Outflank Security Tooling" href="/resources/datasheets/advanced-red-team-bundle/" class="dropdown-item">Cobalt Strike, Core Impact, Outflank Security Tooling</a></li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-4361" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-4361 nav-item"><a title="View All Product Bundles >" href="/product/bundles/" class="dropdown-item">View All Product Bundles ></a></li> </ul> </li> </ul> </li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-2235" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children dropdown menu-item-2235 nav-item"><a title="Support" href="/support" aria-haspopup="true" aria-expanded="false" class="dropdown-toggle nav-link text-nowrap mx-1 text-uppercase" id="menu-item-dropdown-2235">Support</a> <ul class="dropdown-menu" aria-labelledby="menu-item-dropdown-2235" > <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-4369" class="blue-caret menu-item menu-item-type-post_type menu-item-object-page menu-item-4369 nav-item"><a title="Training" href="https://www.cobaltstrike.com/support/training" class="dropdown-item">Training</a></li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-5490" class="blue-caret menu-item menu-item-type-post_type menu-item-object-page menu-item-5490 nav-item"><a title="User Manuals" href="https://www.cobaltstrike.com/support/user-manuals" class="dropdown-item">User Manuals</a></li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-4363" class="blue-caret menu-item menu-item-type-custom menu-item-object-custom menu-item-4363 nav-item"><a title="Community Kit" href="https://cobalt-strike.github.io/community_kit/" class="dropdown-item">Community Kit</a></li> </ul> </li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-4541" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children dropdown menu-item-4541 nav-item"><a title="Resources" href="/resources" aria-haspopup="true" aria-expanded="false" class="dropdown-toggle nav-link text-nowrap mx-1 text-uppercase" id="menu-item-dropdown-4541">Resources</a> <ul class="dropdown-menu" aria-labelledby="menu-item-dropdown-4541" > <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-4644" class="blue-caret menu-item menu-item-type-custom menu-item-object-custom menu-item-4644 nav-item"><a title="Blog" href="/blog" class="dropdown-item">Blog</a></li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-4370" class="blue-caret menu-item menu-item-type-post_type menu-item-object-page menu-item-4370 nav-item"><a title="Screenshots" href="https://www.cobaltstrike.com/resources/screenshots" class="dropdown-item">Screenshots</a></li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-4366" class="blue-caret menu-item menu-item-type-custom menu-item-object-custom menu-item-4366 nav-item"><a title="Datasheets" href="/resources/type-datasheet" class="dropdown-item">Datasheets</a></li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-4367" class="blue-caret menu-item menu-item-type-custom menu-item-object-custom menu-item-4367 nav-item"><a title="Videos" href="/resources/type-video" class="dropdown-item">Videos</a></li> </ul> </li> <li itemscope="itemscope" itemtype="https://www.schema.org/SiteNavigationElement" id="menu-item-2238" class="custom-mega-menu-item mx-3 menu-item menu-item-type-custom menu-item-object-custom menu-item-2238 nav-item"><a title=" Search " href="#" class="nav-link text-nowrap mx-1 text-uppercase"><a class=" d-sm-block d-xl-block d-lg-block nav-search jquery-once-1-processed search-show collapsed" href="#collapseSearch" style="width: 122px;color: #fff;text-align:right;padding-right: 1rem;width: 122px!important;height: 26px;position: relative;left: 7px;border: 1px solid #fff;border-radius: 16px;margin: 0.1875rem 0" data-toggle="collapse" role="button" aria-expanded="false" aria-controls="collapseSearch"> <i class="fal fa-search faicon-search fa-xs" aria-hidden="true"></i> <span class="text sr-only">Search</span> </a></a></li> </ul></div> </div> </nav> <div class="container search-bar fixed-top collapse" id= "collapseSearch" > <div class="row"> <div class="col-12 col-sm-10 offset-sm-1 col-lg-8 offset-lg-2"> <div id="search-box"> <div class="py-3"> <form role="search" class="search-form" method="get" action="https://www.cobaltstrike.com/" > <label class="screen-reader-text" for="s-1">Search for:</label> <div class="input-group"> <input type="search" class="field search-field form-control" id="s-1" name="s" value="" placeholder="Search …"> <span class="input-group-append"> <input type="submit" class="submit search-submit btn-1 " name="submit" value="Search"> </span> </div> </form> </div> </div> </div> </div> </div> </header> <div class="header-banner"> <div class="jumbotron jumbotron-fluid bg-4 " style="background-image: " > <div class="banner-wrapper"> <div class="container"> <p class="yoast-breadcrumbs m-0"><span><span><a href="https://www.cobaltstrike.com/">Home</a></span> » <span><a href="/blog/">Blog</a></span> » <span class="breadcrumb_last" aria-current="page">Cobalt Strike 4.7: The 10th Anniversary Edition</span></span></p> <h1>Cobalt Strike 4.7: The 10th Anniversary Edition</h1> <p class="font-italic">Wednesday 17 August, 2022</p> </div> </div> </div> </div> <div class="wrapper" id="page-wrapper"> <div class="container" id="content" tabindex="-1"> <div class="row"> <div class="col-lg-8 content-area" id="primary"> <main class="site-main" id="main"> <article class="post-2866 post type-post status-publish format-standard hentry cornerstone-development cornerstone-releases cta_type-blog" id="post-2866"> <div class="entry-content"> <p>Cobalt Strike 4.7 is now available. This release sees support for SOCKS5, new options to provide flexibility around how BOFs live in memory, updates to how Beacon sleeps and a number of other changes that have been requested by our users. We’ve also given the user interface a bit of a refresh (including support for the much-requested dark mode!).</p> <p>In recognition of Cobalt Strike’s 10<sup>th</sup> anniversary, I’d like to say a sincere thanks to all of our users for your continued support over the years – from the very first version created by Raphael Mudge, through the acquisition by Fortra (the new face of HelpSystems) and up to today and beyond. When I first met Raphael, he impressed upon me how unique and special Cobalt Strike’s user community is, and I’m reminded of that every day – from interactions on social media, to submissions to the <a href="https://www.cobaltstrike.com/blog/introducing-cobalt-strike-community-kit">Community Kit</a> and all of the great (and to be honest, sometimes not so great!) feedback that we receive. Cobalt Strike wouldn’t be where it is today without your support and constant feedback, so thank you. Here’s to the next 10 years!</p> <h3 class="wp-block-heading">A Word About Evasion</h3> <p>Before getting into the details of the 4.7 release, I’d like to spend a little time talking about what <em>isn’t</em> in the release. We’ve had a lot of feedback over the last few months that Cobalt Strike is being aggressively fingerprinted, and this is making it difficult to bypass AV and EDR tools. This is making things particularly difficult for teams that don’t have the time to develop their own tools, and you may have been expecting changes in the 4.7 release to push back on this. However, as I mentioned in <a href="https://www.cobaltstrike.com/blog/cobalt-strike-roadmap-update" target="_blank" rel="noreferrer noopener">a blog post about our roadmap</a> back in March, we aren’t going to be adding any out of the box evasive measures to the core Cobalt Strike product (and just to avoid repeating myself, please do read the blog post as it goes into depth about why that’s the case). That isn’t to say that we aren’t doing anything at all–of course we take this seriously, and of course we are focussing our efforts on making improvements. Our main product releases will continue to add flexibility, make changes to the product requested by our users, and keep things stable. Meanwhile, our growing research team will focus on adding new and updating existing evasive tools to the Arsenal Kit outside of the main release cycle, keeping things moving without affecting or making you wait for main product releases. This should work out much better for you, our users, in the long term. Rather than waiting for main product releases, you should start to see regular releases of, and updates to, the evasive tooling that you need in the Arsenal Kit.</p> <p>Fortra continues to invest in both the development team and the research team. We recently released a <a href="https://www.cobaltstrike.com/blog/arsenal-kit-update-thread-stack-spoofing" target="_blank" rel="noreferrer noopener">Thread Stack Spoofing tool</a> into the Cobalt Strike Arsenal Kit and we have a number of other tools currently in development that we are expecting to release over the next few weeks, filling in the gap between now and the 4.8 release at the end of the year. The reason for this aside is to reassure you all that we are acutely aware of the issues that you’re facing and while the 4.7 release itself doesn’t contain a raft of tools to address issues around evasion, we are taking this seriously and already working on this in the background. Thank you all for your patience as our research team finds their feet and research efforts ramp up.</p> <p>Now, back to the details of the 4.7 release. That’s what you’re here for, after all.</p> <h3 class="wp-block-heading">SOCKS5 Proxy Server Support</h3> <p>This release sees the implementation of a popular feature request – support for SOCKS5. Rather than replacing SOCKS4a altogether, you can choose whether to use SOCKS4a or SOCKS5 when starting SOCKS. A number of changes have been made, including an update to the “Start SOCKS” dialog to enable you to choose between SOCKS4a and SOCKS5 (as well as enter required parameters if SOCKS5 is selected), an update to the Proxy Pivots table to display whether SOCKS4a or SOCKS5 is being used, updates to the commands to start and stop SOCKS in the Beacon console, and an update to the <strong>bsocks</strong> Aggressor Script command. For details on the new command line options, run <strong>help socks</strong> within a Beacon console. For general details of the changes, please refer to the <a href="https://hstechdocs.helpsystems.com/manuals/cobaltstrike/current/userguide/content/topics/welcome_main.htm" target="_blank" rel="noreferrer noopener">documentation</a>.</p> <p>It is important to note that these changes currently only add support for DNS resolution and UDP. We have <em>not</em> added support for IPv6 or GSSAPI authentication in this release, because the feedback that we got from you is that those features aren’t critical. We will, of course, continue to monitor feedback and will add support for those features if and when you indicate that they are important to add. We also intend to make other changes in future releases, including decoupling SOCKS5 from Beacon which should improve both speed and reliability. That is a bigger change though, and our priority for this release was to add this initial support.</p> <figure class="wp-block-image size-full"><img decoding="async" src="https://www.cobaltstrike.com/app/uploads/2023/01/socks-1.png" alt="" class="wp-image-11122"/></figure> <p> </p> <h3 class="wp-block-heading">Adding Flexibility Around How BOFs Live In Memory</h3> <p>Beacon Object Files are a key feature for Cobalt Strike. We have added more malleability around how Beacon Object Files live in memory, which should make them more difficult to fingerprint. To facilitate this, two new Malleable C2 profile settings have been added:</p> <p><em><code>bof_allocator</code></em> controls how you allocate memory for your BOF. Supported settings are <strong>VirtualAlloc</strong>, <strong>MapViewOfFile</strong> and <strong>HeapAlloc</strong>.</p> <p><em><code>bof_reuse_memory</code></em> determines whether or not memory is released. If this setting is “true”, memory is cleared and then reused for the next BOF execution; if this setting is “false”, memory is released and the appropriate memory free function is used, based on the bof_allocator setting.</p> <p>Memory permissions (RWX/RX or RW/RX) are set according to the values set in the new Malleable C2 profile settings above. The exception is HeapAlloc, which is always RWX.</p> <h3 class="wp-block-heading">Review Of BOF Usage Of VirtualAlloc RWX/RX Memory</h3> <p>Adding flexibility around how BOFs live in memory provided us with the means to address another item that we had on our backlog. We have added support for additional relocation types for BOFs, specifically the .xdata, .pdata, and .bss sections. This change firstly means that an issue has been resolved whereby BOFs sometimes wouldn’t run because the address offset was greater than 4GB. Secondly, the number of available dynamic functions has been increased from 32 to 64. </p> <h3 class="wp-block-heading">Sleep Updates</h3> <p>Changes have been made to the Sleep Mask Kit and around sleep in general.</p> <p>The main change is that you are now able to override the method called when Beacon goes to sleep. From 4.4 through 4.6, Beacon would call the sleep mask function that was patched into the .text section. This had some drawbacks as you were limited on how the code could be written in the sleep_mask.c files used for writing BOFs, and there was also an issue related to size constraints. In this release, Beacon has been reworked to add support for all of the things that you can do in a BOF when it comes to sleeping. Not only do you now have the ability to use your own sleep function, but you are also now able to call dynamic functions (LIBRARY$function) and Beacon API functions (when the Beacon code isn’t masked).</p> <p>There are two other benefits of this change worth highlighting:</p> <p>Executable code is now no longer located within Beacon’s .text section and has instead been moved to a different memory region.</p> <p>The sleep mask BOF size limit has been increased from 769 bytes to 8192 bytes.</p> <p>Related to this, while the Arsenal Kit still supports the older versions of the sleep mask, this release adds support for implementing the sleep mask as a true BOF. You will need to pull the updated Arsenal Kit to be able to use this feature.</p> <h3 class="wp-block-heading">Steal Token Update</h3> <p>The <em>steal_token</em> function has been updated to enable it to steal tokens from processes that it previously couldn’t get to. A user reported that as Beacon used OpenProcessToken to request <strong>TOKEN_ALL_ACCESS</strong>, in some cases this returned an access denied error. Manually tweaking the permissions in Beacon when it called OpenProcessToken was enough for them to get <em>steal_token</em> to succeed.</p> <p>We took this feedback on board and you are now able to customize the access mask when <em>steal_token</em> is invoked. A number of changes have been made to facilitate this:</p> <p>A <strong>steal_token_access_mask</strong> option has been added to the Malleable C2 profile. This is optional and allows you to set a default access mask used for <em>steal_token</em> and <em>bsteal_token</em>.</p> <p>Support has been added to allow you to set the access mask (and override the default value) when invoking <em>steal_token</em> and <em>bsteal_token</em> from the command line.</p> <p>The Steal Token dialog has been updated to allow you to set the access mask (and override the default value). This applies when both a single process and multiple processes are selected before opening the dialog.</p> <p>Note that if no default value for the access mask is provided (either via the new Malleable C2 profile option, dialog option, or command line options), steal_token will default to the current access mask of <strong>TOKEN_ALL_ACCESS</strong>.</p> <figure class="wp-block-image size-large is-resized"><img fetchpriority="high" decoding="async" src="https://www.cobaltstrike.com/app/uploads/2023/01/steal_token1.png" alt="" class="wp-image-11126" width="832" height="284"/></figure> <p> </p> <h3 class="wp-block-heading">Module Stomping Update</h3> <p>Based on user feedback, a small change has been made to module stomping. In some cases, although the module was loaded, the actual stomping failed because Beacon remained in virtual memory. This was because unless the exported function had an ordinal value between 1 and 15, Beacon would default to using VirtualAlloc. This limitation has now been addressed by adding optional syntax to the setting to specify the starting ordinal when searching for exported functions.</p> <h3 class="wp-block-heading">Clipboard Stealer</h3> <p>You are now able to steal the contents of the Windows clipboard on the target system via a command (<strong>clipboard</strong>) or an Aggressor Script command (<strong>bclipboard</strong>), with a caveat: this feature is only useful when the clipboard contains text (for example, credential material). This is a quick change and the intended use case is for those occasions where a target is observed using a password manager (or similar) to grab a password; you would then be able to copy that password (or other relevant material) from the clipboard for use. If there is text on the clipboard, this will be returned and displayed; if not, an error will be displayed informing you that the clipboard contents are not text based. The exception to this is that if the clipboard contents exceed 204800 bytes, an error will be returned instead. </p> <p>While this is a quick change with limited scope, we will likely enhance this feature in a future release. There are a number of interesting directions that we could go with this and we’d be interested to hear your feedback.</p> <h3 class="wp-block-heading">User Interface/Default Aggressor Script Updates</h3> <p>This release brings a refresh to the look and feel of the client UI (although not the complete overhaul that we’re still considering for a future release), along with a number of changes to the default aggressor script that introduce some usability improvements. You may recognise some of the default Aggressor Script changes, as some of those changes were inspired by <a href="https://github.com/mgeeky/cobalt-arsenal" target="_blank" rel="noreferrer noopener">mgeeky’s “cobalt-arsenal” Aggressor Scripts</a> (which incidentally can be found within the <a href="https://cobalt-strike.github.io/community_kit/" target="_blank" rel="noreferrer noopener">Cobalt Strike Community Kit</a>). While we have also added our own changes and implemented some things in our own way, we would just like to say a huge thank you to mgeeky for permission to bring some of that functionality into Cobalt Strike itself. </p> <p>We have made a number of changes in this area. Here are a few highlights:</p> <h5 class="wp-block-heading"><strong>Dark Mode</strong></h5> <p>The most eye-catching change (and one of the most requested) is the addition of dark mode. This can be toggled via a new menu option.</p> <figure class="wp-block-image size-large is-resized"><img decoding="async" src="https://www.cobaltstrike.com/app/uploads/2023/01/dark-mode.png" alt="" class="wp-image-11129" width="699" height="517"/></figure> <h5 class="wp-block-heading"><strong>Sleep Time Tracking</strong></h5> <p>Sleep time tracking works by recording the sleep time for each Beacon and displaying it in a new column in the Beacon table view. This information is persisted between teamserver restarts so it should always be available.</p> <h5 class="wp-block-heading"><strong>Beacon Health Tracking</strong></h5> <p>Linked to the sleep time tracking is a new Beacon Health tracking feature. This feature uses the sleep time and cross references this with the last check-in time to determine whether the Beacon is active, disconnected, or dead. This information is displayed in the Beacon table view and reflected in the Beacon’s icon. This feature can be enabled or disabled via a new option on the preferences dialog.</p> <figure class="wp-block-image size-large"><img decoding="async" src="https://www.cobaltstrike.com/app/uploads/2023/01/sleep-tracking-beacon-health-1.png" alt="" class="wp-image-11131"/></figure> <h5 class="wp-block-heading"><strong>Icon Updates</strong></h5> <p>Speaking of icons, we have updated the icons that are used on the pivot graph and in the Beacon table view to represent Beacon status and OS type. </p> <figure class="wp-block-image size-large is-resized"><img decoding="async" src="https://www.cobaltstrike.com/app/uploads/2023/01/pivot-chart-icons.png" alt="" class="wp-image-11132" width="591" height="536"/></figure> <h5 class="wp-block-heading"><strong>Toolbar And Menu Updates</strong></h5> <p>We have also updated the icons on the toolbar in the client and have removed toolbar buttons for some of the less popular functions. Related to this change, the main menu has been reorganised, flattening the menus and moving some of the options around into more useful and intuitive locations.</p> <h5 class="wp-block-heading"><strong>Bulk Payload Generation</strong></h5> <p>Related to the menu reorganisation, we have added a new menu item to allow you to generate x86 and x64 stageless payloads for all available payload variants at once. A new Sleep function, <strong>all_payloads</strong>, has also been added to allow you to do this from the command line.</p> <figure class="wp-block-image size-large is-resized"><img loading="lazy" decoding="async" src="https://www.cobaltstrike.com/app/uploads/2023/01/payloads-menu.png" alt="" class="wp-image-11133" width="536" height="255"/></figure> <h5 class="wp-block-heading"><strong>Stageless Payload Generator With Exit Option</strong></h5> <p>We have added a stageless payload generator dialog that allows you to set either “thread” or “process” as the exit option.</p> <figure class="wp-block-image size-full is-resized"><img loading="lazy" decoding="async" src="https://www.cobaltstrike.com/app/uploads/2023/01/stageless-payload-generator.png" alt="" class="wp-image-11134" width="486" height="278"/></figure> <h5 class="wp-block-heading"><strong>Windows Error Code Resolution</strong></h5> <p>Windows error codes are now automatically parsed and resolved, so you no longer need to memorise every single Windows error code or go and look it up when Beacon just returns the error code. The relevant error message is now displayed alongside the error code. We have also added a new Beacon console command (<strong>windows_error_code</strong>) and an Aggressor Script function (<strong>windows_error_code</strong>) that can be used to convert an error code to a message on demand.</p> <figure class="wp-block-image size-large"><img decoding="async" src="https://www.cobaltstrike.com/app/uploads/2023/01/error-code-resolution.png" alt="" class="wp-image-11136"/></figure> <h5 class="wp-block-heading"><strong>Process List Display Updates</strong></h5> <p>The output of the <strong>ps</strong> command has been enhanced to resolve parent/child relationships and display the process list as a treeview instead of the old, flat version. The Beacon process is displayed in yellow. We have plans to enhance this with more colour coding in a future release, too.</p> <figure class="wp-block-image size-large is-resized"><img loading="lazy" decoding="async" src="https://www.cobaltstrike.com/app/uploads/2023/01/ps-treeview.png" alt="" class="wp-image-11137" width="372" height="503"/></figure> <p>There are a number of other UI changes that have been implemented, including displaying more information in the Beacon and event status bars, displaying timestamps, making it easier to interact with Beacons, a new “import credentials” option, and much more.</p> <p>To see a full list of what’s new in Cobalt Strike 4.7, please check out the <a href="https://download.cobaltstrike.com/releasenotes.txt" target="_blank" rel="noreferrer noopener">release notes</a>. Licensed users can <a href="https://www.cobaltstrike.com/help-update-cobalt-strike" target="_blank" rel="noreferrer noopener">run the update program</a> to get the latest version, or download version 4.7 from scratch from <a href="https://download.cobaltstrike.com/download" target="_blank" rel="noreferrer noopener">the website</a>. To purchase Cobalt Strike or learn more, please <a href="https://www.cobaltstrike.com/quote-request/" target="_blank" rel="noreferrer noopener">contact us</a>.</p> </div> <footer class="entry-footer"> </footer> </article> </main> </div>  <div class="col-lg-4 align-self-start resource-sidebar widget-area"> <div class="sidebar-content bg-7 mb-3"> <div class=" container"> <div class="row"> <div class="col-12"> <div class="author-description p-3 row"> <div class="author-image col-5"> <img width="400" height="400" src="https://www.cobaltstrike.com/app/uploads/2023/07/Greg-profile.jpg" class="attachment-post-thumbnail size-post-thumbnail wp-post-image" alt="Greg Darwin bio picture" decoding="async" loading="lazy" srcset="https://www.cobaltstrike.com/app/uploads/2023/07/Greg-profile.jpg 400w, https://www.cobaltstrike.com/app/uploads/2023/07/Greg-profile-300x300.jpg 300w, https://www.cobaltstrike.com/app/uploads/2023/07/Greg-profile-150x150.jpg 150w" sizes="(max-width: 400px) 100vw, 400px" /> </div> <div class=" col-7 pl-0"> <h4 class="author-title text-align-left font-weight-light"> <a href="https://www.cobaltstrike.com/profile/greg-darwin">Greg Darwin</a> </h4> <div>Software Development Manager</div> </div> <div class="col-12 text-center mt-2"> <a class=" btn-link view-profile" href="https://www.cobaltstrike.com/profile/greg-darwin">View Profile</a> </div> </div> </div>  </div>  </div>  </div>  <div class="sidebar-content bg-7 mb-3"> <div class=" container"> <div class="row"> <div class="col-12"> <div class="sidebar-content p-3"> <div class="block-title text-uppercase"> TOPICS </div> <ul class="list-group list-group-flush pt-2"> <li class="list-unstyled"><a href="https://www.cobaltstrike.com/blog?_sft_cornerstone=development" title="Development">Development</a></li><li class="list-unstyled"><a href="https://www.cobaltstrike.com/blog?_sft_cornerstone=releases" title="Releases">Releases</a></li> </ul> </div> </div>  </div>  </div>  </div>  </div> </div> </div> </div> <footer class="site-footer footer container-fluid"> <div id="footer-center"> <div class="region region-footer"> <div class="container"> <div class="row"> <div class="col-lg-2 text-left text-lg-center"> <a class="logo" href="https://www.fortra.com" title="Home"> <img src="https://static.fortra.com/fortra-global-assets/fortra-logo-full.svg" alt="Fortra" /> </a> </div> <div class="col-lg-7 offset-lg-1 text-center"> <div class="contextual-region block block-block-content"> <div class="content"> <div class="row"> <div class="col-md-7"> <div class="container-fluid"> <ul class="d-flex pl-0 justify-content-center icons"> <li class="px-1 footer-icon"> <a href="tel:+1-800-328-1000"> <span class="icon"> <i class="fal fa-phone-volume" aria-hidden="true"></i> </span> <span class="text comm-links d-block" id="comm-links-telephone">tel:+1-800-328-1000 </span> </a> </li> <li class="px-1 footer-icon"> <a href="/cdn-cgi/l/email-protection#543d3a323b14323b262026357a373b39"> <span class="icon"> <i class="fal fa-envelope" aria-hidden="true"></i> </span> <span class="text comm-links d-block" id="comm-links-email">Email Us </span> </a> </li> <li class="px-1 footer-icon"> <a href="https://community.fortra.com/support"> <span class="icon"> <i class="fal fa-headset" aria-hidden="true"></i> </span> <span class="text comm-links d-block" id="comm-links-support">Request Support </span> </a> </li> <li class="px-1 footer-icon"> <a href="https://www.fortra.com/resources/fortra-subscription-center"> <span class="icon"> <i class="fal fa-hand-pointer" aria-hidden="true"></i> </span> <span class="text comm-links d-block" id="comm-links-subscribe">Subscribe </span> </a> </li> </ul> </div> </div> <div class="col-md-5"> <ul class="d-flex pl-0 justify-content-center icons" itemscope="" itemtype="http://schema.org/Organization" > <li class="px-1 footer-icon social"> <a href="https://twitter.com/_CobaltStrike?s=20"> <span class="icon"> <i class="fab fa-x-twitter" aria-hidden="true"></i> </span> <span class="text comm-links d-block" id="comm-links-twitter">X </span> </a> </li> <li class="px-1 footer-icon social"> <a href="https://www.youtube.com/channel/UCXr2bT_K0WpaBrhRlhpFwdw"> <span class="icon"> <i class="fab fa-youtube" aria-hidden="true"></i> </span> <span class="text comm-links d-block" id="comm-links-youtube">Youtube </span> </a> </li> <li class="px-1 footer-icon social"> <a href="https://www.reddit.com/r/Fortra/"> <span class="icon"> <i class="fab fa-reddit" aria-hidden="true"></i> </span> <span class="text comm-links d-block" id="comm-links-youtube">Reddit </span> </a> </li> </ul> </div> </div> </div> </div> </div> </div>  <div class="wrapper" id="wrapper-footer-full" role="complementary"> <div class="container" id="footer-full-content" tabindex="-1"> <div class="row"> <div id="nav_menu-2" class="footer-widget widget_nav_menu widget-count-5 col-md-2"><h3 class="d-none widget-title">Footer Menu 1</h3><div class="menu-footer-menu-1-container"><ul id="menu-footer-menu-1" class="menu"><li id="menu-item-4431" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-4431"><a href="/product/features/">Features</a> <ul class="sub-menu"> <li id="menu-item-4432" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-4432"><a href="/product/features/beacon">Beacon</a></li> <li id="menu-item-4433" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-4433"><a href="/product/features/interoperability">Interoperablity</a></li> <li id="menu-item-4434" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-4434"><a href="/product/features/community">Community</a> <ul class="sub-menu"> <li id="menu-item-4435" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-4435"><a href="/product/features/">All Features ></a></li> </ul> </li> </ul> </li> </ul></div></div><div id="nav_menu-3" class="footer-widget widget_nav_menu widget-count-5 col-md-2"><h3 class="d-none widget-title">Footer Menu 2</h3><div class="menu-footer-menu-2-container"><ul id="menu-footer-menu-2" class="menu"><li id="menu-item-4436" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-4436"><a href="/product/features/interoperability">Interoperability</a> <ul class="sub-menu"> <li id="menu-item-4437" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-4437"><a href="/product/core-impact">Core Impact</a></li> <li id="menu-item-4438" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-4438"><a href="/product/outflank-security-tooling">Outflank Security Tooling</a></li> </ul> </li> </ul></div></div><div id="nav_menu-4" class="footer-widget widget_nav_menu widget-count-5 col-md-2"><h3 class="d-none widget-title">Footer Menu 3</h3><div class="menu-footer-menu-3-container"><ul id="menu-footer-menu-3" class="menu"><li id="menu-item-4439" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-4439"><a href="/support">Support</a> <ul class="sub-menu"> <li id="menu-item-4440" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-4440"><a href="/support/training">Training</a></li> <li id="menu-item-4441" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-4441"><a href="https://cobalt-strike.github.io/community_kit">Community Kit</a></li> </ul> </li> </ul></div></div><div id="nav_menu-5" class="footer-widget widget_nav_menu widget-count-5 col-md-2"><h3 class="d-none widget-title">Footer Menu 4</h3><div class="menu-footer-menu-4-container"><ul id="menu-footer-menu-4" class="menu"><li id="menu-item-4442" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-4442"><a href="/resources">Resources</a> <ul class="sub-menu"> <li id="menu-item-4443" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-4443"><a href="/blog">Blog</a></li> <li id="menu-item-4444" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-4444"><a href="/screenshots">Screenshots</a></li> <li id="menu-item-4445" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-4445"><a href="/resources/type-datasheet">Datasheets</a> <ul class="sub-menu"> <li id="menu-item-4446" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-4446"><a href="/resources">All Resources ></a></li> </ul> </li> </ul> </li> </ul></div></div><div id="nav_menu-6" class="footer-widget widget_nav_menu widget-count-5 col-md-2"><h3 class="d-none widget-title">Footer Menu 5</h3><div class="menu-footer-menu-5-container"><ul id="menu-footer-menu-5" class="menu"><li id="menu-item-4447" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-has-children menu-item-4447"><a href="/about">About</a> <ul class="sub-menu"> <li id="menu-item-4448" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-4448"><a href="https://www.cobaltstrike.com/about/corporate-compliance-ethics">Corporate Compliance & Ethics</a></li> <li id="menu-item-6154" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-6154"><a href="https://www.fortra.com/about/newsroom">Newsroom</a></li> </ul> </li> </ul></div></div> </div> </div> </div> <div class="row copyright"> <div class="col"> <section class="row region region-footer-bottom"> <div class="content bottom-footer-links"> <div class="col"> <h3 class="d-inline-block"> <a href="https://www.fortra.com/contact-us">Contact Information</a> </h3> <h3 class="d-inline-block"> <a href="https://www.fortra.com/privacy-policy">Privacy Policy</a> </h3> <h3 class="d-inline-block"> <a href="https://www.fortra.com/cookie-policy">Cookie Policy</a> </h3> <h3 class="d-inline-block"> <a href="https://www.fortra.com/impressum">Impressum</a> </h3> Copyright © Fortra, LLC and its group of companies. Fortra<sup>®</sup>, the Fortra<sup>®</sup> logos, and other identified marks are proprietary trademarks of Fortra, LLC. </div> </div> </div> </section> </div> </div> </div> </div> </div> </footer> <div class="wpc-filters-overlay"></div> <script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script><script src="https://www.cobaltstrike.com/app/themes/helpsystems/blocks/card-carousel/script.js?ver=6.6.2" id="card-carousel-script-js"></script> <script src="https://www.cobaltstrike.com/app/themes/helpsystems/blocks/image-carousel/script.js?ver=6.6.2" id="image-carousel-script-js"></script> <script src="https://www.cobaltstrike.com/app/themes/helpsystems/blocks/logo-carousel/script.js?ver=6.6.2" id="logo-carousel-script-js"></script> <script src="https://www.cobaltstrike.com/app/themes/helpsystems/blocks/testimonial-carousel/script.js?ver=6.6.2" id="testimonial-carousel-script-js"></script> </body> </html>