What is Beacon?

Beacon is Cobalt Strike's remote administration tool for when you need to stay low and slow. By default, Beacon does not provide real-time control of a compromised host. Beacon is asynchronous. Your team issues tasks and when Beacon checks in, it downloads its tasks, and executes them. This asynchronous style of command and control is common with sophisticated malware and Advanced Persistent Threat actors.

Cobalt Strike Beaconing

Beacon has a lot of communication flexibility that Meterpreter and other payloads do not offer. Beacon can rotate through multiple addresses. This makes your access resilient when some addresses get blocked. Beacon also has the ability to switch between HTTP, DNS, and SMB as data channels. Used interactively, Beacon can act as a pivot for your attacks and post-exploitation commands too.

[ What is Beacon? | Setup | Delivery | Manager | Console pt. 1, pt. 2 | Peer-to-Peer C2 ]