Cobalt Strike, Zero Day review

A look into Cobalt Strike, the latest penetration testing product from Raphael Mudge, the man behind Armitage.

Free or paid? How about yes? These days, both is a legitimate answer. As a matter of fact, it's a darn good marketing strategy. After all, drug dealers and Microsoft have been using it for years. "The first taste is always free!" "Academic pricing is great, and hooks kids on Microsoft products!"

Rapid7 did it with Metasploit (Free and Pro), Tenable did it with Nessus (Homefeed and ProfessionalFeed), and now Raphael Mudge is doing it with his suite of products. Armitage, the popular add-on to Metasploit, is free, and will continue to be free. Mudge's newest product, Cobalt Strike, will be a paid product, providing Armitage-like functionality, with some important additions.

Here's the epic video.

Mudge agreed to an interview over Skype, and went into great detail as to how excited he was to be able to offer Cobalt Strike to Red Teams everywhere (well, internationally if you follow export regulations).

Cobalt Strike allows Red Teams to conduct blind (blackbox, double blind, pick your term) network penetration tests, using the tools they already know and love, such as Metasploit, Nmap, Nessus, whatever. The program will be extensible via API calls. Mudge explained that he really wants to build a community around the product to crowdsource those hooks into all major pen testing tools.

Like SET (the Social-Engineer Toolkit), Cobalt Strike is apparently able to perform spear-phishing and social engineering attacks. It can also inject malware into files on the fly. Couple that with the Client Profiler Mudge built, and it appears that the author of SET might want to take notice. Effectively, with the Social-Engineer Toolkit you have to decide ahead of time what type of exploit to attempt. With a Client Profiler, you can determine what type of exploit will work, then build the spear-phishing/social engineering attack around that.

It's common knowledge in the community that Mudge has been supporting himself with a CFT grant (Cyber Fast Track DARPA grant) to build scripting for Armitage. I'll leave it to your imagination what kind of scripting someone who builds his own IDE for development can create.

At $2,500 per person per year, it's not the cheapest date in the world. Is it worth it?

I'm curious to know who is salivating over this, and who thinks Armitage is good enough. And why. Let me know why. Oh, by the way, he released it to the world Wednesday. Have fun!
