Cobalt Strike is Threat Emulation / Red Teaming software. Execute targeted attacks against modern enterprises with one of the most powerful network attack kits available to penetration testers.
Key features of Cobalt Strike:
- Reconnaissance: Cobalt Strike's system profiler discovers which client-side applications your target uses, with version information
- Attack Packages: Use Cobalt Strike to host a web drive-by attack or transform an innocent file into a trojan horse. (Java Applet Attacks, Microsoft Office Documents, Microsoft Windows Programs, Website Clone Tool)
- Spear phishing: Import a message and let Cobalt Strike replace links and text to build a convincing phish for you. Cobalt Strike sends email and tracks who clicks.
- Collaboration: Connect to a Cobalt Strike team server to share data, communicate in real-time, and control systems compromised during the engagement
- Post Exploitation: Beacon is Cobalt Strike's payload to model an advanced actor. Beacon executes PowerShell scripts, logs keystrokes, takes screenshots, downloads files, and spawns other payloads.
- Covert Communication: Beacon's network indicators are malleable. Load a C2 profile to look like another actor. Use HTTP, HTTPS, and DNS to egress a network. Use named pipes to control Beacons, peer-to-peer, over the SMB protocol.
Cobalt Strike's reports provide a timeline and a list of indicators from red team activity. These reports are made to benefit our peers in security operations. Cobalt Strike exports reports as both PDF and MS Word documents.