Cobalt Strike

Cobalt Strike is threat emulation and red teaming software. Execute targeted attacks against modern enterprises with one of the most powerful network attack kits available to penetration testers.

Key features of Cobalt Strike:

  • Reconnaissance: Cobalt Strike's system profiler discovers which client-side applications your target uses, with version information.
  • Attack Packages: Use Cobalt Strike to host a web drive-by attack or transform an innocent file into a trojan horse. Packages include Java Applet Attacks, Microsoft Office Documents, Microsoft Windows Programs, and the Website Clone Tool.
  • Spear phishing: Import a message and let Cobalt Strike replace links and text to build a convincing phish for you. Cobalt Strike sends email and tracks who clicks.
  • Collaboration: Connect to a Cobalt Strike team server to share data, communicate in real time, and control systems compromised during the engagement.
  • Post Exploitation: Beacon is Cobalt Strike's payload to model an advanced actor. Beacon executes PowerShell scripts, logs keystrokes, takes screenshots, downloads files, and spawns other payloads.
  • Covert Communication: Beacon's network indicators are malleable. Load a C2 profile to look like another actor. Use HTTP, HTTPS, and DNS to egress a network. Use named pipes to control Beacons peer-to-peer over the SMB protocol.

Cobalt Strike's reports provide a timeline and a list of indicators from red team activity. These reports are made to benefit our peers in security operations. Cobalt Strike exports reports as both PDF and MS Word documents.