Adversary Simulations and Red Team Operations | Cobalt Strike | Core Security

Cobalt Strike

Software for Adversary Simulations and Red Team Operations

Cobalt Strike is a powerful threat emulation tool that provides a post-exploitation agent and covert channels ideal for Adversary Simulations and Red Team exercises. With Cobalt Strike, companies can emulate the tactics and techniques of a quiet long-term embedded threat actor in an IT network. Malleable C2 lets you change your network indicators to look like different malware each time. These tools complement Cobalt Strike's solid social engineering process, its robust collaboration capability, and unique reports designed to aid blue team training.

Pivoting with Cobalt Strike

Key Features

Beacon, Cobalt Strike's post-exploitation payload, executes PowerShell scripts, logs keystrokes, takes screenshots, downloads files, and spawns other payloads.

Using asynchronous “low and slow” communication to remain undetected, Beacon can simulate an embedded attacker. Additionally, Beacon’s flexible Command and Control language, Malleable C2, can be used to alter network indicators to blend in with normal traffic or cloak its activities by emulating different types of malware.

Cobalt Strike can use a man-in-the-browser attack to hijack a compromised user's authenticated web sessions. This browser pivot lets operators go around two-factor authentication and access sites as their target.

Cobalt Strike’s System Profiler is ideal for client-side reconnaissance activities. It stands up a local web server, fingerprints anyone who visits it, and then redirects them to a legitimate site. From there, it can discover the internal IP address, applications, plugins, and version information of the visitor.

Multiple Red Teamers can log on to the team server for collaborative engagements, communicating in real time. In addition to shared sessions, team members can also share hosts, captured data, and downloaded files.

Cobalt Strike has multiple reporting options for data synthesis and further analysis. Report types include:

  • Activity
  • Hosts
  • Indicators of Compromise
  • Sessions
  • Social Engineering
  • Tactics, Techniques, Procedures

Interoperable Products

These tools can work independently of Cobalt Strike, but also work well when used in tandem. The tools below can interact with Cobalt Strike during engagements using session passing and tunneling capabilities.

  • Core Impact
  • Outflank Security Tooling (OST)

Cobalt Strike Pricing

New Cobalt Strike licenses cost as low as $3,540* per user for a one-year license.

If you’re interested in more details on cost, check out the full pricing page.

*bundle pricing

Featured Product Bundles

Cobalt Strike can be bundled with other offensive security products and purchased at a discounted cost.

  • Cobalt Strike & Outflank Security Tooling
  • Cobalt Strike, Core Impact, & Outflank Security Tooling
