Cobalt Strike


Cobalt Strike is software for Adversary Simulations and Red Team Operations. This means that if you want to test your SOC capabilities or IR functions and see how well they do against someone mimicking an APT, this tool allows you to do that.

With that said let’s move on.

Load up the team server using a Malleable C2 profile

Syntax:
./teamserver [IP-ADDRESS] [PASSWORD] [MALLEABLE C2 PROFILE]

Once this is running, you can connect to it from the GUI client with a simple ./cobaltstrike

Enter any username you want to be known by and the password that you used when setting up the team server. If the team server is on another host rather than your localhost, you will also need to enter that host's IP address.

Enter the GUI

Now remember, Cobalt Strike is NOT Metasploit! It does work with the Metasploit Framework, but they are not the same thing.
Cobalt Strike has limited capabilities when it comes to exploiting a target, but it does have some.

Client Side Attacks

Hopefully that has given you a small insight into Cobalt Strike’s GUI and how to get started.
Pop over to Cobalt Strike’s website for further training videos.

Let me know on Twitter if you want more blog posts on CS.