It is a powerful way to demonstrate risk with a targeted attack.Ĭobalt Strike implements browser pivoting with a proxy server that injects into 32-bit and 64-bit Internet Explorer. Here are the various attack packages offered by Cobalt Strike:īrowser Pivoting is a technique that essentially leverages an exploited system to gain access to the browser’s authenticated sessions. To spot and remediate vulnerabilities, Cobalt Strike offers the following special features: Attack PackageĬobalt Strike offers a variety of attack packages to conduct a web drive-by attack or to transform an innocent file into a trojan horse for a simulation attack.
Confirming Efficacy of Endpoint Security SystemsĬobalt Strike can also provide testing against controls such as email security sandboxes, firewalls, endpoint detection, and antivirus software to determine effectiveness against common and advanced threats. It provides an overall picture of a company's security posture, including what data may be particularly vulnerable, so security researchers can prioritize the risks that need immediate attention. Cobalt Strike comes in handy in the identification of users with weak domain passwords. Most security breaches of today involve weak and stolen passwords.
Spotting Outdated SoftwareĬobalt Strike can be used to discover if a company or business is using outdated versions of software and if any patching is required. Here are some ways tools like Cobalt Strike can help security researchers: Cybersecurity MonitoringĬobalt Strike can help monitor a company's cybersecurity on a regular basis by utilizing a platform that attacks the corporate network using multiple attack vectors (e.g., email, internet browsing, web application vulnerabilities, social engineering attacks) to detect the weak spots that could be exploited. By using Cobalt Strike, security professionals can easily identify and remediate vulnerabilities and rate them based on the severity of issues they can potentially cause. It is often difficult to spot gaps or vulnerabilities in a system that you created or have been using for a long time.