Full Spectrum Cobalt Strike Detection: A Technical Profile from Recorded Future’s Insikt Group
Using a combination of host-based and network-based detection methods and expert analysis, Recorded Future’s Insikt Group completed a deep technical profile of the commercial post-exploitation framework Cobalt Strike.
Cobalt Strike is a tool designed to aid penetration testers and red team operators in conducting authorized intrusions. Despite that original goal, Cobalt Strike has, since its release in 2012, gained widespread popularity among state-sponsored and financially motivated threat actors.
To learn more, hear the Insikt Group analysts talk about the history of Cobalt Strike, its technical specifications, detection and response strategies, and their research methodology.
Highlights from the Insikt Group Cobalt Strike technical profile include:
A background on Cobalt Strike, including when it changed from a pentesting tool to a popular hacking tool for state-sponsored threat actors
Details on Cobalt Strike's capabilities, observed threat actor use, and host-based and network-based detections
Resources and mitigation tips in the event that Cobalt Strike is identified