Security News > 2021 > August > Cobalt Strike Vulnerability Affects Botnet Servers
The main components of the security tool are the Cobalt Strike client - also known as a Beacon - and the Cobalt Strike team server, which sends commands to infected computers and receives the data they exfiltrate.
An attacker starts by spinning up a machine running Team Server that has been configured to use specific "Malleability" customizations, such as how often the client is to report to the server or specific data to periodically send.
The link connecting the client to the server is called the web server thread, which handles communication between the two machines.
Chief among the communications are "Tasks" servers send to instruct clients to run a command, get a process list, or do other things.
The bug works by sending a server fake replies that "Squeeze every bit of available memory from the C2's web server thread.".
They can simulate a Cobolt Strike client, and leverage this vulnerability to reply to servers with messages that cause the server to crash.