CobaltStrike4.2-Mac App

@xx 发给我的,对比了4.1,貌似没什么问题(不放心自己对比4.1源码,也不用非得有4.2原版)

回复cs4.2获得下载地址哦

4.2更新内容

November 6, 2020 - Cobalt Strike 4.2
----------------
+ Refactored Beacon Reflective Loader and added mechanism to patch rDLL loader into
  Beacon (vs. shipping a static loader with the agent).
+ Added stage -> allocator (VirtualAlloc, HeapAlloc, or MapViewOfFile) to set
  which allocator Beacon's RDLL loader will use for the Beacon stage.
+ stage -> obfuscate now obfuscates .text section in rDLL package
+ Fixed client NPE triggered by missing download start metadata
+ Added Cobalt Strike client IP address to join message in events.log
+ Added -Dcobaltstrike.server_bindto=address (in teamserver script, java command) 
  to change the address the team server will bind to. Default is 0.0.0.0.
+ Team server now uses a more resilient process to write its data model
+ Screenshot tool now reports user, session, and active window title.
+ Updated View -> Screenshots and other UX to use screenshot context info
+ Added color highlighting to View -> Screenshots
+ http-post C2 handler now detects another type of corruption.
+ Added color highlighting to View -> Downloads
+ Added color highlighting to View -> Keystrokes
+ Keystroke logger now reports user and session information
+ Updated View -> Keystrokes and other UX to use keylogger context info
+ Added option to "remove" screenshot or keystrokes from interface via menu
+ Added screenshots.log to logs/[date]/[target]/ folder with screenshot meta-data
+ Stripped color codes from keystroke logs and added desktop session/user context
+ Added Save option to keystroke and screenshot browser right-click menu.
+ Split screenshot into two commands: screenshot and screenwatch. screenshot takes 
  a single screenshot. screenwatch takes periodic screenshots until terminated 
  with jobkill command.
+ Added printscreen command to take screenshot by forcing PrintScr keypress and 
  grabbing contents from the keyboard.
+ Added post-ex -> thread_hint to spawn threads with specified module!func+offset
  start address. Affects the browserpivot, keylogger, net, portscan, and 
  powerpick/psinject post-ex DLLs.
+ Added post-ex -> keylogger to set keystroke logging method. Current options are
  SetWindowsHookEx and GetAsyncKeyState.
+ post-ex -> obfuscate now enables behavior to mask DLL strings, when not needed, 
  in execute-assembly, keystroke logger, screenshot, and SSH client DLLs.
+ Added stage -> magic_mz_[arch] and magic_pe to set the MZ and PE header values to
  something else in Beacon's DLL package. Read the docs on this one as the MZ 
  values have to be valid executable instructions that [should] repair any changes 
+ Added a c2lint warning for operation-impacting high dns_ttl values.
+ HTTP and DNS C2 specific configs no longer show up outside of their payloads
+ Beacon now detects http-post block request failures and tries requests again.
+ Rewrote how DNS C2 caches and clears cache of conversations and entries. This 
  fixes DNS C2 stability/performance for servers that send parent domain before 
  each FQDN request. It looked like a checkin to Beacon and was wreaking havoc.
+ Implemented remote-exec wmi as a BOF.
+ Max length of useragent field in Malleable C2 profile is now 255 characters.
+ Fixed bug with [possible] domain truncation in DNS/HTTP Beacon config if the total
  length of the specified domains exceeded 255 characters.
+ 8+ years in and I think y'all deserve some generosity from the Cobalt Strike 
  product. As my kind act, I have doubled the max size of the http-get.client and 
  http-post.client programs in your profile.
+ Added headers_remove global option to force Beacon's WinINet to remove specified
  headers late in the HTTP/S transaction process.
+ Added a "this goes into your config" notice to the HTTP Beacon proxy config dialog
+ Added an empty BOF content sanity check to &beacon_inline_execute
+ Added rportfwd_local to create a port forward that initiates connection and routes
  from Beacon to team server onwards through the requester's Cobalt Strike client.
+ Implemented spunnel and spunnel_local commands to spawn shellcode and tunnel 
  connection to specified controller. spunnel_local forwards via Cobalt Strike client
  and spunnel forwards via the team server.
+ Added pivot socket read governor to limit read loop to max ~4s per Beacon checkin.
+ Bug fixto link module read functions
+ Multiple improvements to existing rportfwd implementation.
+ rportfwd (and spunnel) are now friendly to having the rportfwd for a session/port
  redefined without the need to release the bound port and rebind it.
+ Pivot socket writes now happen on a connection specific thread to prevent session
  deadlock if the team server-side relayed connection becomes unresponsive or blocked.
+ Fixed a handle leak in socks pivoting sub-system
+ DNS Beacon C2 now drops requests that are not A, AAAA, or TXT.
+ Added post-ex -> pipename Malleable C2 option to change post-ex job output pipename
+ Added set ssh_pipename to set the named pipe used by Cobalt Strike's SSH sessions
+ Proxy server config parser now strips trailing / (which impacted the port value).
+ Any # in Malleable C2 pipename options is now replaced with a random hex digit.
+ Fixed BeaconUseToken BOF API to return a BOOL as documented
+ Added BeaconSpawnTemporaryProcess BOF API. 
+ Fixed parser to extract creds from dcsync [domain] output
+ Made changes to avoid unneeded VirtualProtect when startrwx/userwx in process-inject
  block are both true.
+ BOF executable memory now honors startrwx/userwx hints from process-inject block
+ Added script hook to enable use of alt. mimikatz, provided by us, between releases
+ Updated to Mimikatz 2.2.0-20200918-fix
+ Greatly reduced the size of mimikatz-min and mimikatz-chrome DLLs.
+ Added chromedump alias to run dpapi::chrome in mimikatz.
+ Improved recoverability of parent Beacon if a child TCP Beacon process "fails"
+ Added Vista+ check to getsystem in Beacon console.
+ Browser Pivot HTTP Proxy is now manageable via View -> Proxy Pivots
+ Added &bmimikatz_small to Aggressor Script.
+ Moved capability to query network interfaces to a BOF and out of core Beacon
+ Added some ptr cleanup to post-ex RDLL loaders.
+ Fixed SSH agent bug where session was sometimes incorrectly reported as elevated
+ Added set data_jitter "X" to add noise to Beacon's HTTP/S beaconing by adding
  up to X (random each time) random bytes to the output of each http-get and 
  http-post response 
+ c2lint warns for a bad process-inject -> execute config for Windows XP-era systems.
+ execute-assembly now stomps DOS header when post-ex -> obfuscate is true
+ Added c2lint check for dangerous headers to overwrite with http-config.

本文始发于微信公众号（RedTeaming）：CobaltStrike4.2-Mac App