The Human Connection Blog

New CTI Labs: Cobalt Strike Host Forensics and SIEM Analysis

BenMcCarthy
28 days ago

Today, we have released two brand new labs on defending against Cobalt Strike. Come see how to defend against this prolific C2 framework and the indicators of compromise it creates!

Cobalt Strike is an adversary simulation tool developed by Fortra. Cobalt Strike was designed to be used by professional red teams to perform post-exploitation actions such as enumerating file systems, elevating privileges, and deploying malware. Despite being designed for red teams, threat actors often use both licensed and unlicensed (cracked) versions of Cobalt Strike for malicious intentions.

Why have we created this content?
A recent report once again named Cobalt Strike as the C2 framework of choice for attackers around the world. We previously had no labs covering how to identify and defend against this framework. Therefore, as we did for Havoc and Sliver, we have released labs based on analysis of its activity both on the network and on a compromised host, and we have created and released Volatility plugins to support defensive teams in their own analysis.

What are we publishing?
All customers on a CyberPro License have immediate access to two new labs.

Who is this content for?
These labs are focused on upskilling and increasing the defensive capabilities of the following roles:

  • SOC Analysts
  • Incident Responders
  • Threat Hunters
  • Malware Analysts