hstechdocs.helpsystems.com
Open in
urlscan Pro
18.244.114.35
Public Scan
Submitted URL: https://hstechdocs.helpsystems.com/manuals/cobaltstrike/current/userguide/content/topics/welcome_main.htm#_Toc65482705
Effective URL: https://hstechdocs.helpsystems.com/manuals/cobaltstrike/current/userguide/content/topics/welcome_main.htm
Submission: On December 06 via api from PL — Scanned from PL
Effective URL: https://hstechdocs.helpsystems.com/manuals/cobaltstrike/current/userguide/content/topics/welcome_main.htm
Submission: On December 06 via api from PL — Scanned from PL
Form analysis 1 forms found in the DOM
#
<form class="search" action="#">
<div class="search-bar search-bar-container needs-pie">
<input class="search-field needs-pie" type="search" aria-label="Search Field" placeholder="Search">
<div class="search-filter-wrapper"><span class="invisible-label" id="search-filters-label">Filter: </span>
<div class="search-filter" aria-haspopup="true" aria-controls="sf-content" aria-expanded="false" aria-label="Search Filter" title="All Files" role="button" tabindex="0">
</div>
<div class="search-filter-content" id="sf-content">
<ul>
<li>
<button class="mc-dropdown-item" aria-labelledby="search-filters-label filterSelectorLabel-00001"><span id="filterSelectorLabel-00001">All Files</span>
</button>
</li>
</ul>
</div>
</div>
<div class="search-submit-wrapper" dir="ltr">
<div class="search-submit" title="Search" role="button" tabindex="0"><span class="invisible-label">Submit Search</span>
</div>
</div>
</div>
</form>Text Content
* Welcome to Cobalt Strike * Welcome to Cobalt Strike * Overview * Installation and Updates * Starting the Team Server * Starting a Cobalt Strike Client * Distributed and Team Operations * Scripting Cobalt Strike * Running the Client on MacOS X * User Interface * Data Management * Listener and Infrastructure Management * Initial Access * Payload Artifacts and Anti-virus Evasion * Post Exploitation * Browser Pivoting * Pivoting * SSH Sessions * Malleable Command and Control * Malleable PE, Process Injection, and Post Exploitation * Beacon Object Files * Aggressor Script * Reporting and Logging * Appendix * Video Library Skip To Main Content Account Settings -------------------------------------------------------------------------------- Logout * Welcome to Cobalt Strike» * User Interface» * Data Management» * Listener and Infrastructure Management» * Initial Access» * Payload Artifacts and Anti-virus Evasion» * Post Exploitation» * Browser Pivoting» * Pivoting» * SSH Sessions» * Malleable Command and Control» * Malleable PE, Process Injection, and Post Exploitation» * Beacon Object Files» * Aggressor Script» * Reporting and Logging» * Appendix» * Video Library Account Settings -------------------------------------------------------------------------------- Logout Filter: * All Files Submit Search * Welcome to Cobalt Strike Welcome to Cobalt Strike * Overview * Installation and Updates Installation and Updates * Starting the Team Server * Starting a Cobalt Strike Client * Distributed and Team Operations * Scripting Cobalt Strike * Running the Client on MacOS X * User Interface User Interface * Data Management Data Management * Listener and Infrastructure Management Listener and Infrastructure Management * Initial Access Initial Access * Payload Artifacts and Anti-virus Evasion Payload Artifacts and Anti-virus Evasion * Post Exploitation Post Exploitation * Browser Pivoting Browser Pivoting * Pivoting Pivoting * SSH Sessions SSH Sessions * Malleable Command and Control Malleable Command and Control * Malleable PE, Process Injection, and Post Exploitation Malleable PE, Process Injection, and Post Exploitation * Beacon Object Files Beacon Object Files * Aggressor Script Aggressor Script * Reporting and Logging Reporting and Logging * Appendix Appendix * Video Library You are here: Welcome to Cobalt Strike WELCOME TO COBALT STRIKE Cobalt Strike is a platform for adversary simulations and red team operations. The product is designed to execute targeted attacks and emulate the post-exploitation actions of advanced threat actors. This section describes the attack process supported by Cobalt Strike’s feature set. The rest of this manual discusses these features in detail. OVERVIEW figure 1 - The Offense Problem Set A thought-out targeted attack begins with reconnaissance. Cobalt Strike’s system profiler is a web application that maps your target’s client-side attack surface. The insights gleaned from reconnaissance will help you understand which options have the best chance of success on your target. Weaponization is pairing a post-exploitation payload with a document or exploit that will execute it on target. Cobalt Strike has options to turn common documents into weaponized artifacts. Cobalt Strike also has options to export its post-exploitation payload, Beacon, in a variety of formats for pairing with artifacts outside of this toolset. Use Cobalt Strike’s spear phishing tool to deliver your weaponized document to one or more people in your target’s network. Cobalt Strike’s phishing tool repurposes saved emails into pixel- perfect phishes. Control your target’s network with Cobalt Strike’s Beacon. This post-exploitation payload uses an asynchronous “low and slow” communication pattern that’s common with advanced threat malware. Beacon will phone home over DNS, HTTP, or HTTPS. Beacon walks through common proxy configurations and calls home to multiple hosts to resist blocking. Exercise your target’s attack attribution and analysis capability with Beacon’s Malleable Command and Control language. Reprogram Beacon to use network indicators that look like known malware or blend in with existing traffic. Pivot into the compromised network, discover hosts, and move laterally with Beacon’s helpful automation and peer-to-peer communication over named pipes and TCP sockets. Cobalt Strike is optimized to capture trust relationships and enable lateral movement with captured credentials, password hashes, access tokens, and Kerberos tickets. Demonstrate meaningful business risk with Cobalt Strike’s user-exploitation tools. Cobalt Strike’s workflows make it easy to deploy keystroke loggers and screenshot capture tools on compromised systems. Use browser pivoting to gain access to websites that your compromised target is logged onto with Internet Explorer. This Cobalt Strike-only technique works with most sites and bypasses two-factor authentication. Cobalt Strike’s reporting features reconstruct the engagement for your client. Provide the network administrators an activity timeline so they may find attack indicators in their sensors. Cobalt Strike generates high quality reports that you may present to your clients as stand-alone products or use as appendices to your written narrative. Throughout each of the above steps, you will need to understand the target environment, its defenses, and reason about the best way to meet your objectives with what is available to you. This is evasion. It is not Cobalt Strike’s goal to provide evasion out-of-the-box. Instead, the product provides flexibility, both in its potential configurations and options to execute offense actions, to allow you to adapt the product to your circumstance and objectives. Related Topics Version 4.9.x | 202311140845 | November 2023 Copyright © Fortra, LLC and its group of companies. All trademarks and registered trademarks are the property of their respective owners. 4.9.x | 202311140845 | November 2023