What Is Cobalt Strike?
How Cobalt Strike Works
What Is a Cobalt Strike Beacon?
Cobalt Strike can generate remote agents known as beacons that can be deployed to achieve remote code execution (RCE) on the target system once initial access has been gained. Beacons are configured to conduct further malicious activities with custom settings and are deployed as either “staged” or “stageless” payloads.
Staged payloads are delivered in multiple stages to evade detection by initializing a small footprint on the target host. The first stage establishes a connection between the target device and the attackers’, then waits for instructions to import the full second-stage payload or other malicious activities later. On the other hand, stageless payloads are delivered in a single step, meaning that the entire Beacon payload is delivered to the target system in a single piece of code.
Dangers of Cobalt Strike
Cobalt Strike’s malleability allows threat actors to modify the behavior of its components to mimic legitimate network traffic and evade detection by security software. Threat actors take advantage of Cobalt Strike’s capabilities to carry out malicious activities, including: