Cobalt Strike Connection Keeps on Working Even After the Domain Was Suspended

The cobalt strike connection kept on working even after the domain used to actually direct the victim to the particular cobalt strike server had been suspended. Horizon three a i, the company that found this volnability, now published a plog bost post showing how this particular volnability can actually be exploited. It sort of all starts out with an unauthenticated, eximal external entity injection. Back in april Soho did publish an up date for managengin 80 audit plus disup date fixed walnabiliy c v e 20 22 28, two 19. The register name cheap has been very responsive in revoking domains for malicious purposes. So if you are attempting