Strategic Cyber Cobalt Strike
February 03, 2014
$2,500 per user per year.
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Built around the powerful Metasploit framework, excellent pre-built training environment.
- Weaknesses: A lot of the tool’s functionality is also available via free, open source software.
- Verdict: Cobalt Strike adds enough value in the form of pre-compiled attack packages, social engineering features and reporting to make it worth the price.
Despite its colorful marketing approach, Strategic Cyber's Cobalt Strike application is a serious penetration testing and educational tool. Written by the creator of the popular Armitage collaboration tool for Metasploit, this "commercial big brother" to that software takes a targeted attack-focused approach to penetration testing.
The product setup wasn't difficult. It was delivered to us in a retail package containing a printed manual and DVD. This DVD contained a number of virtual machines intended for use in an educational environment, along with the product itself. We imported the included virtual machines into our virtual environment, installed the actual product as specified in the product documentation (a simple .tgz extraction), and we were ready to go. Users choosing to install the software outside of the provided VMs will likely find themselves dealing with a number of software prerequisites. Those users will find familiarity with Linux helpful, although the target audience for this software will already be familiar with multiple operating systems.
A Java application built on top of the open source Metasploit framework and Armitage collaboration applications, Cobalt Strike neatly packages those tools and focuses on leveraging them with its own collection of threat emulation software. Users of Armitage will instantly be familiar with the interface. The GUI enables testers to easily scan target hosts, determine running services and launch attacks against them. This offering makes it easy for testers to create sophisticated phishing attacks by simply cloning legitimate sites and crafting phishing emails to match. Scripting support is enabled via the product's integration with the Cortana scripting language, enabling testers to create bots that can scan targets and launch attacks. Once an attack lands successfully, maneuvering further into the target network is simplified via the use of easy-to-deploy proxy or VPN pivots. When all else fails, the "Hail Mary" option scans the host and launches any exploit it believes will result in a successful attack.
The Cobalt Strike documentation is quite thorough. The DVD contained a PDF with steps designed to teach the basics of using the product by launching exploits against the included exploitable VM hosts. The printed manual provides a higher-level view of the solution, covering the philosophy behind each primary function and basic instruction in its use. This manual is also available as a PDF file on Strategic Cyber's website, alongside a number of other FAQs, tutorials, and videos covering individual product features. We also found the developer's blog an interesting resource. In it, he covers a number of use cases for the product and penetration testing in general - even discussing methods for cracking his own product.
Strategic Cyber's support is quite limited, with eight-hours-a-day/five-days-a-week email aid as the only direct option - not entirely unexpected considering the fact that the product is developed and maintained by a single individual.
Cobalt Strike is priced at a flat $2,500 per user per year. Support is included with an up-to-date license.