Cobalt Strike
Software for Adversary Simulations and Red Team Operations
Cobalt Strike is a powerful threat emulation tool that provides a post-exploitation agent and covert channels ideal for Adversary Simulations and Red Team exercises. With Cobalt Strike, companies can emulate the tactics and techniques of a quiet long-term embedded threat actor in an IT network. Malleable C2 lets you change your network indicators to look like different malware each time. These tools complement Cobalt Strike's solid social engineering process, its robust collaboration capability, and unique reports designed to aid blue team training.
Key Features
Post Exploitation
Beacon, Cobalt Strike's post-exploitation payload, executes PowerShell scripts, logs keystrokes, takes screenshots, downloads files, and spawns other payloads.
Advanced Adversary Simulation
Using asynchronous “low and slow” communication to remain undetected, Beacon can simulate an embedded attacker. Additionally, Beacon’s flexible Command and Control language, Malleable C2, can be used to alter network indicators to blend in with normal traffic or cloak its activities by emulating different types of malware.
Browser Pivoting
Cobalt Strike can utilize a man-in-the-browser attack to hijack a compromised user's authenticated web sessions, enabling users to browser pivot to go around two-factor authentication and access sites as their target.
Intelligence Gathering
Cobalt Strike’s System Profiler is ideal for client-side reconnaissance activities. It stands up a local web-server, fingerprinting anyone who visits it and then redirects them to a legitimate site. From there, it can discover the internal IP address, applications, plugins, and version information of the visitor.
Shared Sessions
Multiple Red Teamers can log on to the team server for collaborative engagements, communicating in real time. In addition to shared sessions, team members can also share hosts, captured data, and download files.
Reporting and Logging
Cobalt Strike has multiple reporting options for data synthesis and further analysis. Report types include:
- Activity
- Hosts
- Indicators of Compromise
- Sessions
- Social Engineering
- Tactics, Techniques, Procedures
Pricing and Bundles
New Cobalt Strike licenses cost $5,900 per user for a one year license.
Cobalt Strike can also be paired with our other offensive solutions at a discounted rate.
In the Advanced Bundle, you can enjoy interoperability features like tunneling and session passing between Cobalt Strike and the basic, pro, or enterprise editions of our penetration testing solution, Core Impact. You'll be able to centralize your security, running multiple proactive security assessments such as vulnerability scan validation, advanced pen tests, and post-exploitation scenarios.
Build up your proactive security portfolio with the Elite Bundle, which adds Frontline Vulnerability Manager, a SaaS solution that uses proprietary scanning technology to perform comprehensive network security assessments.
Further enhance your red team engagements with the Red Team Bundle, which pairs Cobalt Strike with Outflank Security Tooling (OST), a curated set of offensive security tools designed to bypass defensive measures and detection tools. OST seamlessly integrates with Cobalt Strike’s framework through BOFs and reflective DLL loading techniques, enabling red teams to efficiently perform highly technical and difficult post-exploitation tasks.
Explore our bundle page for more information.
A Framework Built for Flexibility
Tailored Scripts
Users can modify built-in scripts or write their own using Cobalt Strike’s scripting language, Aggressor Script. New scripts are easily uploaded and managed in the Script Console, where you can trace, profile, debug, and further interact with scripts.
Adjustable Attack Kits
Kits downloaded from the Cobalt Strike arsenal can be altered to suit the needs of each engagement. For example, script templates from the Resource Kit, which is used in workflows, can be redefined. Additionally, users can create their own Beacon Object File (BOF) to expand the Beacon agent with post-exploitation features.
Interoperability with Core Impact
Organizations with both Core Impact and Cobalt Strike can take advantage of session passing and tunneling capabilities between these two tools. Beacon can be deployed from within Core Impact and users can spawn a Core Impact agent from within Cobalt Strike.
Integration with OST
Outflank Security Tooling (OST) was developed to work in tandem to work with Cobalt Strike, enhancing engagements with tools specializing on enriched evasion throughout every step of the attacker kill chain.
Community Kit
Users are encouraged to extend Cobalt Strike’s capabilities by creating their own tools. The Community Kit serves as a central repository for projects from the user community so fellow security professionals may also benefit from these extensions.
A Brief History of Cobalt Strike
Raphael Mudge created Cobalt Strike in 2012 to enable threat-representative security tests. Cobalt Strike was one of the first public red team command and control frameworks. In 2020, Fortra (formerly HelpSystems), acquired Cobalt Strike to add to its Core Security portfolio. Today, Cobalt Strike is the go-to red team platform for many U.S. government, large business, and consulting organizations.
Learn more at www.cobaltstrike.com