Strategic Cyber Cobalt Strike
February 03, 2014
£1,507 per user per year.
- Strengths: Built around the powerful Metasploit framework, excellent pre-built training environment.
- Weaknesses: A lot of the tool’s functionality is also available via free, open source software.
- Verdict: Cobalt Strike adds enough value in the form of pre-compiled attack packages, social engineering features and reporting to make it worth the price.
Despite its colorful marketing approach, Strategic Cyber's Cobalt Strike application is a serious penetration testing and educational tool. Written by the creator of the popular Armitage collaboration tool for Metasploit, this "commercial big brother" to that software takes a targeted attack-focused approach to penetration testing.
The product setup wasn't difficult. It was delivered to us in a retail package containing a printed manual and DVD. This DVD contained a number of virtual machines intended for use in an educational environment, along with the product itself. We imported the included virtual machines into our virtual environment, installed the actual product as specified in the product documentation (a simple .tgz extraction), and we were ready to go. Users choosing to install the software outside of the provided VMs will likely find themselves dealing with a number of software prerequisites. Those users will find familiarity with Linux helpful, although the target audience for this software will already be familiar with multiple operating systems.
A Java application built on top of the open source Metasploit framework and Armitage collaboration applications, Cobalt Strike neatly packages those tools and focuses on leveraging them with its own collection of threat emulation software. Users of Armitage will instantly be familiar with the interface. The GUI enables testers to easily scan target hosts, determine running services and launch attacks against them. This offering makes it easy for testers to create sophisticated phishing attacks by simply cloning legitimate sites and crafting phishing emails to match. Scripting support is enabled via the product's integration with the Cortana scripting language, enabling testers to create bots that can scan targets and launch attacks. Once an attack lands successfully, maneuvering further into the target network is simplified via the use of easy-to-deploy proxy or VPN pivots. When all else fails, the "Hail Mary" option scans the host and launches any exploit it believes will result in a successful attack.
The Cobalt Strike documentation is quite thorough. The DVD contained a PDF with steps designed to teach the basics of using the product by launching exploits against the included exploitable VM hosts. The printed manual provides a higher-level view of the solution, covering the philosophy behind each primary function and basic instruction in their use. This manual is also available as a PDF file on Strategic Cyber's website, alongside a number of other FAQs, tutorials, and videos covering individual product features. We also found the developer's blog an interesting resource. In it, he covers a number of use cases for the product and penetration testing in general - even discussing methods for cracking his own product.
Strategic Cyber's support is quite limited, with eight-hours-a-day/five-days-a-week email aid as the only direct option - not entirely unexpected considering the fact that the product is developed and maintained by a single individual.
Cobalt Strike is priced at a flat £1,507 per user per year. Support is included with an up-to-date license.
Prices are US-based, thus indicative only.