Strategic Cyber Cobalt Strike
February 03, 2014
$2,500 per user per year.
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Built around the powerful Metasploit framework, excellent pre-built training environment.
- Weaknesses: A lot of the tool’s functionality is also available via free, open source software.
- Verdict: Cobalt Strike adds enough value in the form of pre-compiled attack packages, social engineering features and reporting to make it worth the price.
Despite its colorful marketing approach, Strategic Cyber's Cobalt Strike application is a serious penetration testing and educational tool. Written by the creator of the popular Armitage collaboration tool for Metasploit, this "commercial big brother" to that software takes a targeted attack-focused approach to penetration testing.
The product setup wasn't difficult. It was delivered to us in a retail package containing a printed manual and DVD. This DVD contained a number of virtual machines intended for use in an educational environment, along with the product itself. We imported the included virtual machines into our virtual environment, installed the actual product as specified in the product documentation (a simple .tgz extraction), and we were ready to go. Users choosing to install the software outside of the provided VMs will likely find themselves dealing with a number of software prerequisites. Those users will find familiarity with Linux helpful, although the target audience for this software will already be familiar with multiple operating systems.
A Java application built on top of the open source Metasploit framework and Armitage collaboration applications, Cobalt Strike neatly packages those tools and focuses on leveraging them with its own collection of threat emulation software. Users of Armitage will instantly be familiar with the interface. The GUI enables testers to easily scan target hosts, determine running services and launch attacks against them. This offering makes it easy for testers to create sophisticated phishing attacks by simply cloning legitimate sites and crafting phishing emails to match. Scripting support is enabled via the product's integration with the Cortana scripting language, enabling testers to create bots that can scan targets and launch attacks. Once an attack lands successfully, maneuvering further into the target network is simplified via the use of easy-to-deploy proxy or VPN pivots. When all else fails, the "Hail Mary" option scans the host and launches any exploit it believes will result in a successful attack.
The Cobalt Strike documentation is quite thorough. The DVD contained a PDF with steps designed to teach the basics of using the product by launching exploits against the included exploitable VM hosts. The printed manual provides a higher-level view of the solution, covering the philosophy behind each primary function and basic instruction in their use. This manual is also available as a .PDF file on Strategic Cyber's website, alongside a number of other FAQs, tutorials, and videos covering individual product features. We also found the developer's blog an interesting resource. In it, he covers a number of use cases for the product and penetration testing in general - even discussing methods for cracking his own product.
Strategic Cyber's support is quite limited, with eight-hours-a-day/five-days-a-week email aid as the only direct option - not entirely unexpected considering the fact that the product is developed and maintained by a single individual.
Cobalt Strike is priced at a flat $2,500 per user per year. Support is included with an up-to-date license.
Sign up to our newsletters
SC Magazine Articles
- Long list of devices believed to be affected by NetUSB vulnerability
- Scammers target oil companies with sneaky attack
- CareFirst BlueCross BlueShield breached, more than one million individuals notified
- Study: Employees acknowledge risky security behavior, continue to engage in it
- Hack of airplane systems described in FBI docs raises security questions
- Hackers exploit Starbucks auto-reload feature to steal from customers
- Study: Nearly all SAP systems remain unpatched and vulnerable to attacks
- Former Nuclear Regulatory Commission employee arrested for alleged spear phishing campaign
- Millions of WordPress websites vulnerable to XSS bug
- FireEye first cybersecurity firm awarded DHS SAFETY Act certification
- Thousands of Bellevue Hospital Center patients notified of data breach
- Study: 86 percent of websites contain at least one 'serious' vulnerability
- Investigation ongoing in reported multimillion member Adult FriendFinder breach
- Report: $19M breach settlement between MasterCard, Target terminated
- FTC gives thumbs up to companies that cooperate during breach probes