Cobalt Strike is a powerful threat emulation tool that provides a post-exploitation agent and covert channels ideal for Adversary Simulations and Red Team exercises, replicating the tactics and techniques of an advanced adversary in a network.
Simulate an Embedded Threat Actor
Beacon, Cobalt Strike’s post-exploitation payload, can be quietly transmitted over HTTP, HTTPS, or DNS and uses asynchronous “low and slow” communication commonly utilized by embedded attackers who wish to remain undetected. With Malleable C2, Beacon’s flexible Command and Control language, users can modify network indicators to blend in with normal traffic or cloak its activities by emulating different types of malware. Beacon can perform various post-exploitation activities, including PowerShell script execution, keystroke logging, capturing screenshots, downloading files, and spawning other payloads.
Begin by gathering intelligence using Cobalt Strike’s system profiler, which maps out a target’s client-side attack surface, providing a list of the applications and plugins it discovers through the user’s browser, as well as the internal IP addresses of users who are behind a proxy server. With this advanced reconnaissance, it’s easier to determine the attack path most likely to succeed.
Design an attack using one of Cobalt Strike’s numerous packages. For example, host a web drive-by attack using website clones. Alternatively, you can transform an innocent file into a trojan horse using Microsoft Office macros or Windows executables.
You can also deliver an attack using Cobalt Strike’s spear phishing tool. Assemble a list of targets and select one of the preconfigured templates or create your own.