Cobalt Strike

Click the icon to Follow me:- twitterTelegramRedditDiscord

Cobalt Strike is  software for Adversary Simulations and Red Team Operations. What this means is, if you wanted to test your SOC capabilities or IR functions and see how well they do against someone mimicking an APT, this tools allows you to do that.2018 10 10 08 37 11 Adversary Simulation and Red Team Operations Software Cobalt Strike

With that said let’s move on.

Load up the team server using a Malleable C2 profile

2018 10 10 08 40 19 KALI VMware Workstation

Syntax :

2018 10 10 08 42 25 KALI VMware Workstation

Once this is running you can connect to it with the GUI client with a simple ./cobaltstrike

Enter any username you want to be known by and the password that you used when setting up the team server. If the team server is on another host not your localhost. you will need to add that IP address in also.

2018 10 10 08 46 56 KALI VMware Workstation

Enter the GUI

2018 10 10 08 50 54 KALI VMware Workstation

Now remember Cobalt strike is NOT metasploit! It does work with metasploit framework but they are not the same thing.
Cobalt strike has limited capabilities when it comes to exploiting a target, but it does have some.

Client Side Attacks

Hopefully that has given you a small insight into Cobalt strike’s GUI and how to get started.
Pop over to Cobalt strikes website for further training videos

Let me know on twitter if you wanted more blog posts on CS.