What we mainly see in the ransomware field is an increasing amount of manual infections. Lately, we have seen targeted attacks by both state-sponsored threat actors and ransomware peddlers. (The terms "white hat" and "black hat" are also falling out of favor, as cybersecurity professionals adopt "red team" and "blue team" descriptors to describe offensive and defensive security teams.) These tools are meant to simulate intrusions by motivated actors, and they have proven to be very good at this. So, while "white hat" hackers were developing tools to more easily emulate "black hat" activities, few considered how these tools might be turned against someone. Cobalt Strike, and other penetration testing tools, were originally created for network defenders to train them to understand vulnerabilities and possible avenues of infection by cyber criminals. Cobalt Strike offers a post-exploitation agent and covert channels, intended to emulate a quiet long-term embedded actor in the target’s network.Ĭobalt Strike is a collection of threat emulation tools provided by HelpSystems to work in conjunction with the Metasploit Framework. Metasploit is notorious for being abused, yet modules are still being developed for it so that it continues to evolve. Cobalt Strike is in the same basket. Metasploit-probably the best known project for penetration testing-is an exploit framework, designed to make it easy for someone to launch an exploit against a particular vulnerable target. Maybe only Metasploit could give it a run for the first place ranking. If you were to compose a list of tools and software developed by security and privacy defenders that ended up being abused by the bad guys, then Cobalt Strike would unfortunately be near the top of the list.
0 Comments
Leave a Reply. |