Cobalt Strike

Commercial adversary simulation platform used for red team operations and advanced penetration testing.

Tags: c2, red-team, adversary-simulation, beacon

Cobalt Strike: Adversary Simulation

Cobalt Strike is a commercial adversary simulation platform used by red teams worldwide for advanced penetration testing.

Key Features

  • Beacon: Cobalt Strike's payload for maintaining persistent access
  • Malleable C2: Customize network indicators
  • Pivot: Move laterally through compromised networks
  • Social Engineering: Spear phishing and website cloning
  • Post-Exploitation: Credential theft, keylogging, screenshots

Beacon Types

  • HTTP/HTTPS Beacon: Communicates over HTTP(S)
  • DNS Beacon: Uses DNS for C2 communication
  • SMB Beacon: Peer-to-peer within a network
  • TCP Beacon: Direct TCP connections

Common Operations

```
# Start listener
Cobalt Strike > Listeners > Add

# Generate payload
Attacks > Packages > Windows Executable

# Interact with beacon
beacon> shell whoami
beacon> hashdump
beacon> mimikatz
beacon> port-forward
beacon> socks
```