In our research, we expose adversarial Tactics, Techniques and Procedures (TTPs) as well as the tools threat actors use to execute their mission objectives. In most of our cases, we see the threat actors utilizing Cobalt Strike. Therefore, defenders should know how to detect Cobalt Strike in the various stages of its execution. The primary purpose of this post is to expose the most common techniques that we see in the intrusions we track and to provide detections for them. Having said that, not all of Cobalt Strike's features will be discussed.

As you may have noticed from our reporting so far, Cobalt Strike is used as a post-exploitation tool, with various malware droppers responsible for the initial infection stage. Some of the most common droppers we see are IcedID (a.k.a. BokBot), Ursnif, Hancitor, Bazar and TrickBot. Cobalt Strike is chosen for the second stage of the attack because it offers enhanced post-exploitation capabilities, and threat actors turn to it for its ease of use and extensibility.

Cobalt Strike Capabilities

Cobalt Strike has many features, and it is under constant development by a team of developers at Core Security by Help Systems. Raphael Mudge was the primary maintainer for many years before the product was acquired by Help Systems (Core Security).

Thanks to Kostastsale for helping put this guide together!