Cobalt Strike 4.11.1 Released With Fix For \u2018Enable SSL\u2019 Checkbox
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
Fortra has released Cobalt Strike<\/a> 4.11.1, an out-of-band update addressing critical issues discovered in their recent 4.11 release.\u00a0<\/p>\n This update, released on May 12, 2025, focuses primarily on resolving module stomping complications while also addressing issues with SSL certificate functionality and adding deprecation warnings for legacy features.<\/p>\n The most significant fix resolves a critical issue where Beacon would crash under specific conditions when using module stomping in conjunction with the new ObfSetThreadContext injection technique introduced in version 4.11.\u00a0<\/p>\n This crash occurred specifically when targeting processes with Control Flow Guard enabled.<\/p>\n \u201cWe fixed an issue which caused Beacon to crash in edge cases when module stomping was used in conjunction with ObfSetThreadContext injection when the target process had Control Flow Guard enabled,\u201d stated<\/a> the official release announcement.\u00a0<\/p>\n A patch has been implemented to address this vulnerability. For users implementing User Defined Reflective Loaders (UDRL) that perform module stomping, Fortra recommends explicitly setting the METHOD_MODULESTOMP parameter as part of the ALLOCATED_MEMORY structure in their UDRL implementation.\u00a0<\/p>\n This ensures Beacon remains aware of potential Control Flow Guard related issues. The team recommends referencing the bud-loader in UDRL-vs, included in the Cobalt Strike arsenal kit, for implementation examples.<\/p>\n The update also resolves a significant usability issue with the \u201cEnable SSL\u201d checkbox functionality.\u00a0<\/p>\n Previously, when users configured a self-signed certificate via the \u2018https-certificate\u2019 setting, the \u2018Enable SSL\u2019 checkbox would become disabled, preventing HTTPS from being enabled.\u00a0<\/p>\n With version 4.11.1, self-signed certificates properly enable the checkbox functionality, allowing users to implement secure communications with their Beacon infrastructure<\/a>.<\/p>\n Cobalt Strike documentation provides two approaches for SSL certificate implementation:<\/p>\n The release also introduces explicit deprecation warnings for stomp reflective loaders in the c2lint program.\u00a0<\/p>\n This follows the team\u2019s announcement in the 4.11 release that they are transitioning to prepend loaders as the default mechanism.\u00a0<\/p>\n The c2lint utility will now display warnings when stomp loaders are used, reinforcing the pending end of support in future releases.<\/p>\n The 4.11.1 update comes just two months after the major 4.11 release, which introduced significant new functionality including a novel Sleepmask for runtime obfuscation, the ObfSetThreadContext process injection technique<\/a>, and DNS over HTTPS (DoH) Beacon capabilities.<\/p>\n Licensed users can download version 4.11.1 immediately from Fortra\u2019s website. Organizations managing existing Cobalt Strike environments that don\u2019t require immediate updating can alternatively obtain a new authorization file using the Authorization Generation page rather than performing a full update.<\/p>\n This rapid out-of-band release demonstrates Fortra\u2019s commitment to quickly addressing critical issues in their red team simulation platform, which has become an essential tool for security professionals conducting advanced adversary emulation exercises.<\/p>\n Vulnerability Attack Simulation on How Hackers Rapidly Probe Websites for Entry Points \u2013 Free Webinar<\/a><\/strong><\/p>\n The post Cobalt Strike 4.11.1 Released With Fix For \u2018Enable SSL\u2019 Checkbox<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nModule Stomping Crash Resolved<\/strong><\/h2>\n
Fix for \u2018Enable SSL\u2019 Checkbox\u00a0<\/strong><\/h2>\n
\n
Update Now<\/strong><\/h2>\n