🕸️
Th4ntis CyberSec
  • 🕷️>whoami_
  • 🖥️General Info
    • CyberSec News
    • Getting Started and other Resources
      • CompTIA Certs
        • Security+
        • Pentest+
    • MITRE ATT&CK
    • Cyber Kill Chain
    • Docker
  • 💻Networking
    • General Networking
    • Common Ports and Protocols
    • TCP/IP Model
    • OSI Model
    • Subnetting
    • Wireshark
    • NMap
    • Wireless
      • Wardriving/WiFi Sniffing
    • 3-Way Handshake
  • 🐧Linux
    • Common commands
    • Sudo
    • Files and File contents
    • Sed Awk and Grep
    • Permissions
  • 🪟Windows
    • Event Codes
    • Powershell
    • Internals
    • Active Directory
  • 🔎OSINT
    • OSINT Tools
    • IP/Domain OSINT
    • Email/Username OSINT
    • URL OSINT and Sandboxing
    • Social Media OSINT
    • Website OSINT
    • Password OSINT
    • Physical Location OSINT
    • Image OSINT
    • People OSINT
    • Phone Number OSINT
    • Shodan
    • Google Dorking
  • 🛠️Tools
    • Brute Force
      • Hydra
    • Credential Dumping
      • Mimikatz
    • Enumeration
      • Bloodhound
      • Certipy
      • Dirb/Dirbuster
      • Enum4Linux
      • GoBuster
    • Exploitation Framework
      • Metasploit
      • Sliver
      • Cobalt Strike
    • Hash Cracking
      • Hashcat
      • JohnTheRipper
    • Methods
      • Powershell Obfuscation
      • Privilege Escalation
      • Pass-The-Hash
      • Kerberos and Kerberoasting
    • Vulnerability Scanners
      • Nessus
      • OpenVAS
    • Web App
      • BurpSuite
      • OWASP Zap
    • Wireless
      • Aircrack-ng
      • Kismet
      • Bettercap
      • HCXDumptool
      • Wifite
    • Impacket
    • Social-Engineer Toolkit (SET)
  • 📔Guides and How-To's
    • Lab Setup
      • Ubuntu VM
      • Kali VM
      • Windows User VM
      • Windows Server VM
    • Wardriving
      • Pwnagotchi
    • Wireless Pentesting
      • WiFi Pineapple Basics
      • Evil-Twin Attack
    • Over The Wire
      • Bandit
      • Natas
      • Leviathan
      • Krypton
      • Narnia
      • Behemoth
      • Utumno
      • Maze
      • Vortex
      • Manpage
    • Docker and Kali Linux
    • Staying Private and goin Dark Online
  • 📕Quick References
    • Tools
      • Tmux
      • NMap
      • Ffuf
      • NetExec
      • CrackMapExec
      • Proxychains
      • OneDriveUser Enum
      • Hashcat
      • Mimikatz
    • One-liners
    • Reverse Shells
    • Post Exploitation
    • Enumeration
      • Google
      • Sublist3r
      • NMap
      • DNSDumpster
    • Hashcracking
    • Wireless
  • 📓Courses
    • PNPT
      • Practical Ethical Hacking
      • Windows Privilege Escalation
      • Linux Privilege Escalation
      • OSINT Fundamentals
      • External Pentest Playbook
  • ☁️TryHackMe
    • Attacking Kerberos
    • Hacking with Powershell
    • Powershell for Pentesters
    • Linux PrivEsc
    • Windows PrivEsc
    • Blue
    • Kenobi
  • 📦HackTheBox
    • Starting Point
      • Tier 0
        • Meow
        • Fawn
        • Dancing
        • Redeemer
        • Explosion
        • Preignition
        • Mongod
        • Synced
      • Tier 1
        • Appointment
        • Sequel
        • Crocodile
        • Responder
        • Three
        • Ignition
        • Bike
        • Funnel
        • Pennyworth
        • Tactics
      • Tier 2
        • Archetype
        • Oopsie
        • Vaccine
        • Unified
        • Included
        • Markup
        • Base
    • Walkthroughs
      • Lame
      • Analytics
      • Manager
      • Codify
Powered by GitBook
On this page
  • About
  • Attack Package
  • Browser Pivoting
  • Spear Phishing
  • Reporting and Logging
Edit on GitHub
  1. Tools
  2. Exploitation Framework

Cobalt Strike

Last updated 1 year ago

About

is a "threat emulation software. Execute targeted attacks against modern enterprises with one of the most powerful network attack kits available to penetration testers. This is not compliance testing. Cobalt Strike gives you a post-exploitation agent and covert channels to emulate a quiet long-term embedded actor in your customer’s network. lets you change your network indicators to look like different malware each time. These tools complement Cobalt Strike’s solid social engineering process, its robust collaboration capability, and designed to aid blue team training."

They have a which is a "central repository of extensions written by the user community to extend the capabilities of Cobalt Strike"

Cobalt Strike on .

Attack Package

Cobalt Strike offers a variety of attack packages to conduct a web drive-by attack or to transform an innocent file into a for a simulation attack.

Various attack packages offered by Cobalt Strike:

Browser Pivoting

Browser Pivoting is a technique that leverages an exploited system to gain access to the browser’s authenticated sessions. It is a powerful way to demonstrate risk with a targeted attack.

Cobalt Strike implements browser pivoting with a proxy server that injects into 32-bit and 64-bit Internet Explorer. When you browse through this proxy server, you inherit cookies, authenticated HTTP sessions, and client SSL certificates.

Spear Phishing

A variant of phishing, spear phishing is a method that targets specific individuals within an organization. This helps in identifying weak targets within an organization, such as employees that are more prone to security attacks.

Cobalt Strike offers a spear-phishing tool that lets you import a message by replacing links and text to build a convincing phish for you. It allows you to send this pixel-perfect spear-phishing message using an arbitrary message as a template.

Reporting and Logging

Cobalt Strike also offers post-exploitation reports that provide a timeline and the indicators of compromise detected during red team activity.

Cobalt Strike exports these reports as both PDF and MS Word documents.

🛠️
Cobalt Strike
Malleable C2
unique reports
Community Kit
ATT&CK Mitre
trojan horse
Java Applet Attacks
Microsoft Office Documents
Microsoft Windows Programs
Website Clone Tool