Cobalt Strike - XSS Exploit Explained - CVE-2022-39197

Channel:
United States Guided Hacking
Subscribers:
178,000
Published on ● Video Link: https://www.youtube.com/watch?v=LDPSI3pXH4c


Duration: 8:22
10,179 views
0

CVE-2022-39197 is an XSS vulnerability in Cobalt Strike discovered in 2022 that may enable RCE.
Support us on GH: https://guidedhacking.com/register/
Support us on Patreon:   / guidedhacking  
Support us on YT:    / @guidedhacking  

Cobalt Strike - XSS Exploit Explained
This exploit targets the client a user uses to connect to a C2 server, displaying all infected systems to the user. It is a cross site scripting attack written in Java which payload contains HTML tags.

More info: https://guidedhacking.com/threads/cob...

Cobalt Strike is an insanely popular red team tool with a huge feature set. Mudge created Cobalt Strike 10 years ago as a red team command and control platform. In 2020, HelpSystems acquired Cobalt Strike. Today, it is widely used by U.S. government, companies and consulting organizations.

Cobalt Strike is an excellent tool for post-exploitation and covert operations, allowing you to emulate a quiet, long-term embedded actor in your target's network. Malleable C2 lets you change your network indicators to look like different malware each time, making it even harder for detection. These tools, combined with Cobalt Strike's robust social engineering capabilities and unique reports designed to aid blue team training, make it an invaluable tool for any penetration tester.

CVE-2022-39197 is a simple XSS vulnerability but it's possible to get RCE from this because you can define an account username in the Beacon configuration.

Follow us on Facebook : http://bit.ly/2vvHfhk
Follow us on Twitter : http://bit.ly/3bC7J1i
Follow us on Twitch : http://bit.ly/39ywOZ2
Follow us on Reddit : http://bit.ly/3bvOB57
Follow us on GitHub : http://bit.ly/2HoNXIS
Follow us on Instagram : http://bit.ly/2SoDOlu
Cobalt Strike - CVE-2022-39197 Explained
#redteaming #CobaltStrike #fr3dhk



Other Videos By Guided Hacking


2022-12-14Reverse Engineering Mallox Ransomware - Malware Analysis
2022-12-06ChatGPT - Malware Analysis using Artificial Intelligence
2022-12-02BlackGuard Malware Analysis - Worst Stealer of 2022
2022-11-29How to Setup CAPEV2 Sandbox - Malware Config & Payload Extractor
2022-11-25Binary Exploit Development 4 - DEP Bypass with VirtualAlloc
2022-11-18CrashedTech Malware Analysis - Reversing a Loader
2022-11-15The GH Unreal Engine Dumper
2022-11-11Where to Download New Malware Samples
2022-11-01Top 5 Best Ida Pro Plugins For Malware Analysis
2022-10-25VFlooder Malware Analysis - VirusTotal Flooder
2022-10-14Cobalt Strike - XSS Exploit Explained - CVE-2022-39197
2022-10-11KLBanker String Decryption With Python - Malware Analysis
2022-10-07PINCE Tutorial - Linux Cheat Engine Alternative
2022-10-03Exploit Development 3 - Writing an Exploit Stager
2022-09-23Top 5 Malware Analysis Websites
2022-09-20Binary Exploit Development - SEH Based Overflow
2022-09-09What is the Windows API? What is Windows.h?
2022-09-06VKeylogger Analysis - Reversing & Fixing Imports
2022-09-02Binary Exploit Development Tutorial - Simple Buffer Overflow
2022-08-17How to Setup a Virtual Machine for Malware Analysis
2022-08-10BlackNET C2 Communications with FakeNet-NG


Tags:
CobaltStrike
Cobalt Strike
CobaltStrike Beacon
CobaltStrike exploit
Cobalt Strike Exploit
Cobalt Strike Beacon
What is CobaltStrike?
What is Cobalt Strike?
cobalt strike
threat hunting
red team
penetration testing
penetration testing cyber security
cobalt strike explained
cobalt strike tutorial
cobalt strike beacon
cobalt strike detection
cobalt strike training
cobalt strike attack
cobalt strike XSS
CVE-2022-39197