Cobalt Strike is powerful adversary simulation software that supports red team operations. Security professionals can emulate advanced threat actors, executing targeted attacks to better assess organizational defenses.

Flexibility

 
Cobalt Strike’s Command and Control (C2) framework prioritizes operator flexibility and is easily extendable to incorporate personalized tools and techniques. A number of tools have been published by Cobalt Strike’s user community and are available in the Community Kit, a central repository with both tools and scripts.

 
Learn more about Cobalt Strike’s flexibility >

Interoperability

Cobalt Strike can be used with other Fortra tools to extend the reach of engagements. For example, it can work in tandem with Outflank Security Tooling (OST), a curated set of offensive security tools designed to enhance evasion. It can also be used with Fortra’s pen testing tool, Core Impact, for sharing resources and deploying Beacon for session passion and tunneling capabilities.

Learn more about Cobalt Strike’s interoperability>

Arsenal Kit

The Cobalt Strike Arsenal Kit is a collection of customizable tools that enable users to better simulate real-world adversary tactics and techniques. Users can build and use the kits as they are or modify them to suit their engagements and support their goals. The Arsenal Kit includes:

  • The Sleep Mask Kit – Hides Beacon in memory while it sleeps
  • The Mutator Kit – uses an LLVM mutator to break in-memory YARA scanning of sleep masks
  • User-Defined Reflective Loaders – custom reflective loaders that can bear individualized tradecraft

Covert Communication

 
Beacon provides several communication channels to reduce the risk of being identified.

Malleable C2 profiles can be created to change network indicators to either mask Beacon activity or simulate real-world ATPs.

Networks can be egressed using HTTP, HTTPS, and DNS.

Peer-to-peer Beacon connections can be established via TCP, or via named pipes using SMB.

 

Post-exploitation

With Beacon, Cobalt Strike’s signature payload, users can replicate the behavior of an advanced adversary, quickly expanding their foothold.

Once deployed, Beacon can gather information, execute arbitrary commands, deploy additional payloads, and more. Further post-exploitation features can be added using Beacon Object Files (BOF), compiled C programs that can execute within a Beacon process.

Learn more about Cobalt Strike Beacon>

Collaboration

 
Cobalt Strike team servers allow red teams to communicate in real-time and control systems compromised during an engagement.

 
In addition to shared sessions, team members can also share hosts, captured data, and download files.

 

Payload Generation

Cobalt Strike can generate a wide variety of payloads that can be tailored to suit the needs of the engagement.

Users are given control to create payloads that meet their specific requirements.

Reporting

Cobalt Strike’s reports provide a timeline and a list of indicators from red team activity. These reports can be used to help security operations teams determine next steps after an engagement is completed. Cobalt Strike exports reports as both PDF and MS Word documents.

Browser Pivot

Browser Pivoting can be used to bypass two-factor authentication and access websites as the target, via the attacker’s own browser.

 

Spear Phishing

Cobalt Strike provides targeted phishing emails for network infiltration, with options for email templates, custom messages, and social engineering package attachments. Once sent, users can track who clicks.
 

Interested in purchasing Cobalt Strike?

Take the next steps by exploring Cobalt Strike pricing options, which includes bundling options with other offensive security solutions.

learn about pricing