Cobalt Strike 4.11.1 Released With Fix For ‘Enable SSL’ Checkbox
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
Fortra has released Cobalt Strike 4.11.1, an out-of-band update addressing critical issues discovered in their recent 4.11 release.
This update, released on May 12, 2025, focuses primarily on resolving module stomping complications while also addressing issues with SSL certificate functionality and adding deprecation warnings for legacy features.
Module Stomping Crash Resolved
The most significant fix resolves a critical issue where Beacon would crash under specific conditions when using module stomping in conjunction with the new ObfSetThreadContext injection technique introduced in version 4.11.
This crash occurred specifically when targeting processes with Control Flow Guard enabled.
“We fixed an issue which caused Beacon to crash in edge cases when module stomping was used in conjunction with ObfSetThreadContext injection when the target process had Control Flow Guard enabled,” stated the official release announcement.
A patch has been implemented to address this vulnerability. For users implementing User Defined Reflective Loaders (UDRL) that perform module stomping, Fortra recommends explicitly setting the METHOD_MODULESTOMP parameter as part of the ALLOCATED_MEMORY structure in their UDRL implementation.
This ensures Beacon remains aware of potential Control Flow Guard related issues. The team recommends referencing the bud-loader in UDRL-vs, included in the Cobalt Strike arsenal kit, for implementation examples.
Fix for ‘Enable SSL’ Checkbox
The update also resolves a significant usability issue with the “Enable SSL” checkbox functionality.
Previously, when users configured a self-signed certificate via the ‘https-certificate’ setting, the ‘Enable SSL’ checkbox would become disabled, preventing HTTPS from being enabled.
With version 4.11.1, self-signed certificates properly enable the checkbox functionality, allowing users to implement secure communications with their Beacon infrastructure.
Cobalt Strike documentation provides two approaches for SSL certificate implementation:
The release also introduces explicit deprecation warnings for stomp reflective loaders in the c2lint program.
This follows the team’s announcement in the 4.11 release that they are transitioning to prepend loaders as the default mechanism.
The c2lint utility will now display warnings when stomp loaders are used, reinforcing the pending end of support in future releases.
Update Now
The 4.11.1 update comes just two months after the major 4.11 release, which introduced significant new functionality including a novel Sleepmask for runtime obfuscation, the ObfSetThreadContext process injection technique, and DNS over HTTPS (DoH) Beacon capabilities.
Licensed users can download version 4.11.1 immediately from Fortra’s website. Organizations managing existing Cobalt Strike environments that don’t require immediate updating can alternatively obtain a new authorization file using the Authorization Generation page rather than performing a full update.
This rapid out-of-band release demonstrates Fortra’s commitment to quickly addressing critical issues in their red team simulation platform, which has become an essential tool for security professionals conducting advanced adversary emulation exercises.
#Cyber_Security #Cyber_Security_News #SSL #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
Cobalt Strike 4.11.1 Released With Fix For ‘Enable SSL’ Checkbox
Author: KaaviyaFortra has released Cobalt Strike 4.11.1, an out-of-band update addressing critical issues discovered in their recent 4.11 release.
This update, released on May 12, 2025, focuses primarily on resolving module stomping complications while also addressing issues with SSL certificate functionality and adding deprecation warnings for legacy features.
Module Stomping Crash Resolved
The most significant fix resolves a critical issue where Beacon would crash under specific conditions when using module stomping in conjunction with the new ObfSetThreadContext injection technique introduced in version 4.11.
This crash occurred specifically when targeting processes with Control Flow Guard enabled.
“We fixed an issue which caused Beacon to crash in edge cases when module stomping was used in conjunction with ObfSetThreadContext injection when the target process had Control Flow Guard enabled,” stated the official release announcement.
A patch has been implemented to address this vulnerability. For users implementing User Defined Reflective Loaders (UDRL) that perform module stomping, Fortra recommends explicitly setting the METHOD_MODULESTOMP parameter as part of the ALLOCATED_MEMORY structure in their UDRL implementation.
This ensures Beacon remains aware of potential Control Flow Guard related issues. The team recommends referencing the bud-loader in UDRL-vs, included in the Cobalt Strike arsenal kit, for implementation examples.
Fix for ‘Enable SSL’ Checkbox
The update also resolves a significant usability issue with the “Enable SSL” checkbox functionality.
Previously, when users configured a self-signed certificate via the ‘https-certificate’ setting, the ‘Enable SSL’ checkbox would become disabled, preventing HTTPS from being enabled.
With version 4.11.1, self-signed certificates properly enable the checkbox functionality, allowing users to implement secure communications with their Beacon infrastructure.
Cobalt Strike documentation provides two approaches for SSL certificate implementation:
- Self-signed SSL certificates, configurable through parameters including Country (C), Common Name (CN), Organization (O), and validity period
- Valid SSL certificates using Java Keystore files with proper certificate information
The release also introduces explicit deprecation warnings for stomp reflective loaders in the c2lint program.
This follows the team’s announcement in the 4.11 release that they are transitioning to prepend loaders as the default mechanism.
The c2lint utility will now display warnings when stomp loaders are used, reinforcing the pending end of support in future releases.
Update Now
The 4.11.1 update comes just two months after the major 4.11 release, which introduced significant new functionality including a novel Sleepmask for runtime obfuscation, the ObfSetThreadContext process injection technique, and DNS over HTTPS (DoH) Beacon capabilities.
Licensed users can download version 4.11.1 immediately from Fortra’s website. Organizations managing existing Cobalt Strike environments that don’t require immediate updating can alternatively obtain a new authorization file using the Authorization Generation page rather than performing a full update.
This rapid out-of-band release demonstrates Fortra’s commitment to quickly addressing critical issues in their red team simulation platform, which has become an essential tool for security professionals conducting advanced adversary emulation exercises.
#Cyber_Security #Cyber_Security_News #SSL #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
