Beacon is Cobalt Strike's post-exploitation payload. Unlike traditional shells that maintain a constant, noisy connection, Beacon is designed for "low and slow" operations.
At its core, a Cobalt Strike request is a heartbeat. When a Cobalt Strike payload (the Beacon) is executed on a target machine, it does not maintain a constant open connection to the command-and-control (C2) server. Instead, it "calls home" at set intervals. These requests typically serve two purposes: cobalt strike request
Most Cobalt Strike traffic is camouflaged as standard HTTP or HTTPS traffic. Because of the tool's "Malleable C2" feature, a request can be programmed to look like almost anything—a Google search, a Windows Update check, or even a Netflix stream. Beacon is Cobalt Strike's post-exploitation payload
But what makes it so effective? The answer lies in its flexibility, particularly through its signature agent: . The Heart of the Operation: Beacon When a Cobalt Strike payload (the Beacon) is