Veil Evasion in Cobalt Strike Beacon

Hi Friends,

Today, I want to share a tutorial on how to use veil evasion payload in cobalt strike. Combining these two attacking framework will give some advantages.

One of the Veil capability is the AV evasion feature rich technique which allow you to select that suitable your current condition

You can download and install Veil from https://github.com/Veil-Framework/Veil. To incorporate cobalt strike beacon in the veil evasion package, we need to generate the veil payload with the following steps

Generate the Cobalt Payload

  1. Select Attack –> Packages –> Payload Generator

2. Select the listener that you want the beacon to connect

3. Select the output payload “Veil”

4. Save the payload to file

Generate Veil Payload

Run the Veil framework from the console and select Evasion

Then you need to select the payload technique from the list. I am gonna use the simple one which is python/shellcode_inject/flat.py and start Generate

Then you need to select option number 3 “Custom shellcode string

Copy and Paste the payload from the cobalt strike that you generated in the Cobalt Payload Generation steps and Press Enter

Press Enter

Select 1 for default

After the compilation process then your exe is ready in the path below

You can use the payload3.exe to trigger the baeacon connection in the victim machine.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s