-
Notifications
You must be signed in to change notification settings - Fork 275
Do's and Don'ts
Grzegorz Rychlik edited this page Jan 18, 2021
·
1 revision
- Keep an eye on the number of active relays communicating over a channel with a single API key.
- Use multiple API keys to restrict rate limiting.
- Use multiple gateways if the graph becomes unmanageable.
- Don't run
exitfrom the Cobalt Strike console unless you want to kill the relay as well. - Delete GatewaySnapshot.json unless you want to delete everything in the C3 network.
- Don't use SMB/TCP beacons from Cobalt Strike outside of C3 - if you link two beacons in this way you will cause large volumes of useless traffic to be spammed on the egress channel.