Cobalt Strike is threat emulation software, used to execute targeted attacks and emulate a quiet, long-term embedded actor in your customer’s network. It is a powerful tool in its own right but is also proud to be a part of Fortra’s comprehensive cybersecurity portfolio and can be used with other Fortra tools to extend the reach of your engagements.
The Cobalt Strike R&D team collaborate closely with both the Outflank and Core Impact teams. Interoperability between the products is something that is constantly being improved upon.
Red Teaming Toolset: Outflank Security Tooling (OST)
OST is a curated set of offensive security tools that were developed with Cobalt Strike in mind. OST’s Payload Generator is ideal for enhancing the evasiveness of Beacon. Additionally, many of these tools integrate directly using BOFs. For example, OST offers multiple BOF capabilities for extending Cobalt Strike, including Kerberos interaction, novel coercion techniques, O365 token extraction, and more.
These tools allow you to simulate similar techniques to what some APTs and Organized Crime Groups apply but are not available in public tools. They also help all your team members to easily perform highly technical and difficult tasks without hassle, while also being OPSEC safe. OST tools are explicitly developed to bypass defensive measures and detection tools.
Interoperability between the tools will be improved and made easier with the implementation of, and future enhancements to, a shared web portal. This is planned for late 2023/early 2024.
OST and Cobalt Strike can be purchased together for a reduced price as part of the Red Team Bundle.
Automated Pen Testing: Core Impact
Core Impact is an automated pen testing tool. Cobalt Strike’s Beacon can function in both tools via session passing and tunneling capabilities.
Interoperability between the tools was enhanced in the Core Impact 20.3 release and there are other enhancements currently in the pipeline, leveraging SOCKS tunneling and External C2. The Cobalt Strike and Core Impact research teams are collaborating on a number of research tasks that will lead to further interoperability in future releases of both products.
Cobalt Strike and Core impact can be purchased together for a reduced price as part of the Advanced Bundle.
Advanced Red Team Bundle
Cobalt Strike, OST and Core Impact are also available together in the Advanced Red Team Bundle.
All three of these tools can interact with one another during engagements using session passing and tunnelling capabilities. For example, initial access may be achieved in Core Impact with Beacon then spawned to continue post-exploitation in Cobalt Strike. Alternatively, OST’s Stage 1 implant can be used to disable defensive systems, then passed to Cobalt Strike to escalate privileges, download files, and more.