Using a combination of host and network-based detection methods and expert analysis, Recorded Future’s Insikt Group completed a deep technical profile of the commercial post-exploitation framework,
Cobalt Strike.
Cobalt Strike is a tool designed to aid penetration testers and red team operators in conducting authorized intrusions. Despite its original goal, since its release in 2012, Cobalt Strike has gained widespread popularity among state-sponsored threat actors and financially motivated threat actors.
To learn more, hear the Insikt Group analysts talk about the history of Cobalt Strike, its technical specifications, detection and response strategies, and their research methodology.
Highlights from the Insikt Group Cobalt Strike technical profile include:
- A background on Cobalt Strike including when it changed from a pentesting tool to a popular hacking tool for state-sponsored threat actors
- Details on the Cobalt Strike capabilities, observed threat actor use, host-based and network-based detections
- Resources and mitigation tips in the event that Cobalt
Strike is identified
Upcoming Webinars: Recorded Future webinars feature insights from well-known experts from inside the world of security intelligence.
Related Resource: Access white papers, case studies, on-demand webinars, and more.
Dark Web Demystified: Explore the Criminal Underground Web for Mining Threat Intelligence.
