Cobalt Strike is a threat emulation tool that provides a post-exploitation agent and covert channels, replicating the tactics and techniques of an advanced adversary in a network. OST is a curated set of offensive security tools that covers every step in the attacker kill chain. Though both solutions work well independently, OST was developed to work in tandem with Cobalt Strike, extending its reach and empowering red team operators for increased efficiency.
Cobalt Strike and OST can be bundled together for a reduced price, enabling organizations to benefit from red teaming tools that seamlessly integrate with one another. This overview provides details on the key functionalities of each of these solutions and how they can be used together to amplify your red teaming efforts.
Cobalt Strike enables security professionals to simulate the tactics and techniques of a stealthy long-term embedded attacker in an IT environment. Red teams can launch targeted attacks using Beacon, Cobalt Strike’s post-exploitation payload, which can execute PowerShell scripts, log keystrokes, take screenshots, download files, and spawn other payloads.
Additionally, Cobalt Strike has a malleable command and control framework that can be modified with custom scripts, adjustable attack kits, and the Community Kit with user-created extensions. For example, new post-exploitation features can be added through the creation of a Beacon Object File (BOF), a compiled C program that can be executed within a Beacon process and use internal Beacon APIs.
OST is a toolkit for red teamers by red teamers, built for performing in mature and sensitive target environments to efficiently simulate techniques currently used by APTs and other cyber attackers. OST’s toolkit has coverage for every aspect of an engagement, with tools for initial breach, lateral movements, privilege escalation, achieving persistence, and final exfiltration.
OST tools specialize in evasion, helping red teamers stay under the radar. For example, tools like Payload Generator deploy anti-forensic features to help evade antivirus and EDR solutions. OST tools also utilize techniques that have not yet been published or weaponized by solutions or services.
Evasive Red Teaming: Use Cases
Combining OST and Cobalt Strike enables red teams to run advanced attack simulations designed to bypass defensive measures and detection tools with ease. Outflank’s expert red teamers regularly develop new tooling for OST to ensure it is keeping up with attack methodology being seen in the wild.
The following use cases provide how users can take advantage of the Red Team Bundle:
Ready to Pair Cobalt Strike and OST?
Reach out to one of our experts for pricing information and to find out more about how our Red Team bundle offering will benefit your organization.