May 28, 2022

Cobalt Strike and Pentest

Cobalt Strike is a commercial adversary simulation and penetration testing tool that gives security testers a large variety of attack capabilities. It can be used to run spear-phishing campaigns and gain access to systems, and it can emulate the tactics of real malware and advanced threat actors.

This network attack platform combines social engineering, initial access tooling, network indicator obfuscation and a mature mechanism for deploying executable payloads on compromised systems. The same qualities make it attractive to real attackers: cracked and leaked copies are used in advanced persistent threat (APT) and ransomware intrusions against organizations that never licensed it, which is why defenders need to know its defaults as well as operators do.

This threat emulation program has the following capabilities:

  • Reconnaissance—profiles which client-side software and versions the target runs (via its system profiler web page) so that known vulnerabilities can be matched against them.
  • Attack Packages—provides a social engineering attack engine, builds trojans disguised as innocent files such as Java applets, Microsoft Office documents or Windows programs, and clones websites to host drive-by downloads.
  • Collaboration—the team server lets a group of operators share information, chat in real time and share control of compromised systems.
  • Post Exploitation—Beacon, the post-exploitation agent, can run PowerShell scripts, log keystrokes, take screenshots, download files and execute other payloads.
  • Covert Communication—Malleable C2 profiles let operators change their network indicators on the fly, so traffic can be made to look like another actor or like benign software. Beacon egresses over HTTP, HTTPS or DNS and can link peer-to-peer inside a network over SMB named pipes.
  • Browser Pivoting—injects into a compromised user's browser and proxies the operator's requests through it, so web applications the victim is already logged into are reachable with the victim's session, including ones protected by two-factor authentication.


Detecting Cobalt Strike is an interesting problem and is hard most of the time, but a default installation leaves several network indicators: the team server listens on 50050/tcp, a DNS Beacon listener answers its A-record queries with a bogus address (0.0.0.0 by default), and the team server ships with a default TLS certificate whose subject and serial number are well known. All three are changed by any careful operator (the port on the team server command line, the DNS answer and certificate through a Malleable C2 profile), so their absence proves nothing.
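The three default indicators above can be checked mechanically. The following is an added example written for this page, not Cobalt Strike code and not a vendor detection rule: it runs simple checks over constructed Zeek-style JSON log records (conn, dns, ssl) and reports hits. The log shape, hostnames and addresses are made up; the port, the 0.0.0.0 DNS answer and the stock certificate subject/serial are the well-known install defaults.

```python
import json
from dataclasses import dataclass
from typing import Optional

# Constructed Zeek-style JSON-lines records (conn, dns, ssl) made up for this
# example; they are not captured traffic. Addresses use documentation ranges.
SAMPLE_LOGS = """\
{"log":"conn","id.orig_h":"10.0.0.5","id.resp_h":"203.0.113.10","id.resp_p":50050,"proto":"tcp"}
{"log":"conn","id.orig_h":"10.0.0.5","id.resp_h":"203.0.113.10","id.resp_p":443,"proto":"tcp"}
{"log":"dns","id.orig_h":"10.0.0.7","query":"a1b2c3.cdn-updates.example","qtype_name":"A","answers":["0.0.0.0"]}
{"log":"dns","id.orig_h":"10.0.0.7","query":"www.example.com","qtype_name":"A","answers":["198.51.100.20"]}
{"log":"ssl","id.orig_h":"10.0.0.9","id.resp_h":"203.0.113.10","id.resp_p":443,"subject":"CN=Major Cobalt Strike,OU=AdvancedPenTesting,O=cobaltstrike,L=Somewhere,ST=Cyberspace,C=Earth","serial":"08BB00EE"}
{"log":"ssl","id.orig_h":"10.0.0.9","id.resp_h":"198.51.100.4","id.resp_p":443,"subject":"CN=www.example.com,O=Example Inc","serial":"0123ABCD"}
"""

# Default-install indicators. A careful operator changes all three (the port
# when launching the team server, dns_idle and the certificate through a
# Malleable C2 profile), so a miss here is not evidence of a clean network.
TEAM_SERVER_PORT = 50050             # default team server management port
DNS_IDLE_ANSWER = "0.0.0.0"          # default dns_idle answer sent to a DNS Beacon
DEFAULT_CERT_SERIAL = "8BB00EE"      # 146473198 decimal, the stock team server cert
DEFAULT_CERT_MARKER = "cobaltstrike" # substring of the stock certificate subject


@dataclass
class Alert:
    rule: str
    src: str
    dst: str
    detail: str


def _norm_serial(serial: str) -> str:
    """Upper-case hex with leading zeros removed, so 08bb00ee and 8BB00EE compare equal."""
    return serial.strip().lstrip("0").upper() or "0"


def check_conn(rec: dict) -> Optional[Alert]:
    """Flag TCP connections to the default team server port."""
    if rec.get("proto") == "tcp" and rec.get("id.resp_p") == TEAM_SERVER_PORT:
        dst = f'{rec["id.resp_h"]}:{rec["id.resp_p"]}'
        return Alert("team_server_port", rec["id.orig_h"], dst,
                     "connection to default team server port 50050/tcp")
    return None


def check_dns(rec: dict) -> Optional[Alert]:
    """Flag A-record answers of 0.0.0.0, the default idle reply of a DNS listener."""
    if rec.get("qtype_name") == "A" and DNS_IDLE_ANSWER in rec.get("answers", []):
        return Alert("dns_idle_answer", rec["id.orig_h"], rec["query"],
                     "A record answered with 0.0.0.0 (default dns_idle)")
    return None


def check_ssl(rec: dict) -> Optional[Alert]:
    """Flag server certificates matching the stock team server certificate."""
    subject = rec.get("subject", "").lower()
    serial = _norm_serial(rec.get("serial", ""))
    if DEFAULT_CERT_MARKER in subject or serial == DEFAULT_CERT_SERIAL:
        dst = f'{rec["id.resp_h"]}:{rec["id.resp_p"]}'
        return Alert("default_tls_cert", rec["id.orig_h"], dst,
                     f"server cert matches stock team server cert (serial {serial})")
    return None


CHECKS = {"conn": check_conn, "dns": check_dns, "ssl": check_ssl}


def scan_logs(text: str) -> list:
    """Run every applicable check over JSON-lines log text; returns Alerts in log order."""
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        check = CHECKS.get(rec.get("log"))
        if check is None:
            continue
        alert = check(rec)
        if alert is not None:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in scan_logs(SAMPLE_LOGS):
        print(f"[{a.rule}] {a.src} -> {a.dst}: {a.detail}")
```

Against the constructed records this produces three alerts, one per indicator, while the benign HTTPS connection, the ordinary DNS answer and the real-looking certificate pass. In practice the 50050/tcp check is most useful on egress data and internet-wide scan results (it is the operator's port, not the Beacon's), and the certificate check should be paired with JA3S or JARM fingerprinting, since the serial and subject are the first things an operator replaces.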

Cobalt Strike is also a post-exploitation framework for red teams: it provides a post-exploitation agent and covert channels to emulate a quiet, long-term embedded actor in the customer's network.

It can be extended and customized by the user community, chiefly through Aggressor Script and Beacon Object Files. Many excellent tools and scripts have been written and published, but they can be hard to find.

Cobalt Strike is a commercial, licensed product. Unlike Metasploit it has no free community edition; what it does have is the Community Kit.

Community Kit is a central repository of extensions written by the user community to extend the capabilities of Cobalt Strike. The Cobalt Strike team acts as curator and publishes the kit to showcase this work; it is a catalogue of extensions, not a version of the product.


Links: