Strategic Cyber Cobalt Strike
February 03, 2014
$2,500 per user per year.
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Built around the powerful Metasploit framework, excellent pre-built training environment.
- Weaknesses: A lot of the tool’s functionality is also available via free, open source software.
- Verdict: Cobalt Strike adds enough value in the form of pre-compiled attack packages, social engineering features and reporting to make it worth the price.
Despite its colorful marketing approach, Strategic Cyber's Cobalt Strike application is a serious penetration testing and educational tool. Written by the creator of the popular Armitage collaboration tool for Metasploit, this "commercial big brother" to that software takes a targeted attack-focused approach to penetration testing.
The product setup wasn't difficult. It was delivered to us in a retail package containing a printed manual and DVD. This DVD contained a number of virtual machines intended for use in an educational environment, along with the product itself. We imported the included virtual machines into our virtual environment, installed the actual product as specified in the product documentation (a simple .tgz extraction), and we were ready to go. Users choosing to install the software outside of the provided VMs will likely find themselves dealing with a number of software prerequisites. Those users will find familiarity with Linux helpful, although the target audience for this software will already be familiar with multiple operating systems.
A Java application built on top of the open source Metasploit framework and Armitage collaboration applications, Cobalt Strike neatly packages those tools and focuses on leveraging them with its own collection of threat emulation software. Users of Armitage will instantly be familiar with the interface. The GUI enables testers to easily scan target hosts, determine running services and launch attacks against them. This offering makes it easy for testers to create sophisticated phishing attacks by simply cloning legitimate sites and crafting phishing emails to match. Scripting support is enabled via the product's integration with the Cortana scripting language, enabling testers to create bots that can scan targets and launch attacks. Once an attack lands successfully, maneuvering further into the target network is simplified via the use of easy-to-deploy proxy or VPN pivots. When all else fails, the "Hail Mary" option scans the host and launches any exploit it believes will result in a successful attack.
The Cobalt Strike documentation is quite thorough. The DVD contained a PDF with steps designed to teach the basics of using the product by launching exploits against the included exploitable VM hosts. The printed manual provides a higher-level view of the solution, covering the philosophy behind each primary function and basic instruction in their use. This manual is also available as a .PDF file on Strategic Cyber's website, alongside a number of other FAQs, tutorials, and videos covering individual product features. We also found the developer's blog an interesting resource. In it, he covers a number of use cases for the product and penetration testing in general - even discussing methods for cracking his own product.
Strategic Cyber's support is quite limited, with eight-hours-a-day/five-days-a-week email aid as the only direct option - not entirely unexpected considering the fact that the product is developed and maintained by a single individual.
Cobalt Strike is priced at a flat $2,500 per user per year. Support is included with an up-to-date license.
SC Magazine Articles
- Yahoo breach; State-sponsored actors suspected, at least 500 million accounts affected
- Cybercriminals already able to hack ATM biometric readers
- Education sector bullied by ransomware and can barely defend itself, report
- IoT assault, connected devices increasingly used for DDoS attacks
- Cisco warns of exploitation of new flaws linked to Shadow Brokers exploits
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- Hard Rock Hotel & Casino Las Vegas hit with POS breach
- X-ray and MRI machines among devices used as springboards for data breach attacks
- Hacker purportedly selling over 650,000 stolen medical records on dark web marketplace
- Wi-Fi warning! Study finds U.S. unaware of public Wi-fi risks
- RIG EK rigged to steal tricks from Neutrino in fight to fill Angler's void
- SWIFT adds additional protective measures for members to ensure cybersecurity compliance
- 185M incidents bypassed perimeter defenses - report
- Pagers found leaking patient health information
- OVH suffers massive 1.1Tbps DDoS attack