The update introduces a novel Sleepmask, new process injection techniques, enhanced obfuscation options, and stealthier communication methods, all designed to operate effectively without requiring extensive customization. The release also includes several usability enhancements, such as command line variables corresponding to Beacon console metadata, reorganized help commands, and GUI improvements, including customizable console buffer size and text wrapping options.

By default, Beacon now enables Sleepmask, cleanup, and XOR obfuscation, making it resistant to static signatures throughout the attack chain without requiring manual configuration. The novel Sleepmask automatically obfuscates Beacon, its heap allocations, and itself, making it robust against static signatures at runtime without additional configuration.

Cobalt Strike 4.11 has ported Beacon's default reflective loader to a new prepend/sRDI style loader with several evasive features, including EAF bypass options and support for indirect syscalls.

The new transform-obfuscate feature allows for the automatic application of complex obfuscation routines to Beacon payloads. It transforms a Beacon payload by compressing it, RC4 encrypting it with a random 64-bit key, XOR encrypting it with a random 32-bit key, and finally base64 encoding it.

The update also allows operators to run multiple BOFs simultaneously within the same process while Beacon is sleeping, operating in either single-shot or background mode.

One new process injection technique can evade detection tools that identify injected threads by looking for start addresses not backed by Portable Executable images on disk.
This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 18 Mar 2025 10:20:13 +0000