DETECTION OVERVIEW
Risk Factors
Cobalt Strike is a publicly available and well-known tool associated with pen testing, security assessments, and persistent, planned attacks. Outbound connections to Cobalt Strike team servers are associated with command-and-control (C&C) activity. Through a persistent C&C channel, an attacker can remotely control a device and gain an entry point for further attacks on the network.
Kill Chain
Risk Score
88
Cobalt Strike is an attack simulation toolkit that is often associated with malicious activity. Attackers install the Cobalt Strike Beacon payload on a compromised device and the beacon initiates a connection to a C&C server, referred to as the Cobalt Strike team server. Messages between compromised devices and Cobalt Strike team servers can include encrypted information such as command output.
Block inbound and outbound traffic from suspicious IP addresses at the network perimeter
Quarantine the device while checking for the presence of malware
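The description above says the Beacon payload on a compromised device initiates the connection to the team server, and the mitigation steps are to block the suspicious destination at the perimeter and quarantine the device. The following is an added triage example, not code from this detection page or from any vendor, that shows how a defender could surface such outbound beacon check-ins from plain connection records: it groups outbound flows by (source, destination, port), measures how regular the inter-connection intervals are, and turns the findings into a block list and a quarantine list. The log lines are constructed, the addresses are documentation-range placeholders, and the thresholds (`min_connections`, `max_cv`) and the `deny ip any` rule syntax are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample of outbound connection records: "timestamp src_ip dst_ip dst_port".
# Not real traffic; 203.0.113.x and 198.51.100.x are documentation-range placeholders.
# Host 10.0.0.5 checks in to one destination roughly every 60 seconds (beacon-like);
# host 10.0.0.8 connects irregularly and only a few times (ordinary browsing-like).
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.0.0.5 203.0.113.7 443
2024-05-01T10:01:01 10.0.0.5 203.0.113.7 443
2024-05-01T10:01:59 10.0.0.5 203.0.113.7 443
2024-05-01T10:03:00 10.0.0.5 203.0.113.7 443
2024-05-01T10:04:02 10.0.0.5 203.0.113.7 443
2024-05-01T10:04:58 10.0.0.5 203.0.113.7 443
2024-05-01T10:00:10 10.0.0.8 198.51.100.20 443
2024-05-01T10:07:45 10.0.0.8 198.51.100.20 443
2024-05-01T10:08:02 10.0.0.8 198.51.100.20 443
2024-05-01T10:31:30 10.0.0.8 198.51.100.20 443
2024-05-01T10:32:00 10.0.0.8 198.51.100.21 443
"""


def parse_log(text):
    """Parse the constructed log format into (timestamp, src, dst, port) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, int(port)))
    return records


def find_beaconing(records, min_connections=5, max_cv=0.25):
    """Return {(src, dst, port): stats} for flows with regular check-in intervals.

    Regularity is measured as the coefficient of variation (stdev / mean) of the
    gaps between consecutive connections; the thresholds are illustrative assumptions.
    """
    by_flow = defaultdict(list)
    for ts, src, dst, port in records:
        by_flow[(src, dst, port)].append(ts)

    findings = {}
    for flow, stamps in by_flow.items():
        if len(stamps) < min_connections:
            continue  # too few observations to judge periodicity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # duplicate timestamps; nothing to measure
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            findings[flow] = {
                "connections": len(stamps),
                "mean_interval_s": round(avg, 1),
                "cv": round(cv, 3),
            }
    return findings


def block_rules(findings):
    """Perimeter block list for the flagged destinations (hypothetical rule syntax)."""
    destinations = sorted({dst for (_, dst, _) in findings})
    return [f"deny ip any {dst}" for dst in destinations]


def quarantine_candidates(findings):
    """Internal hosts whose traffic was flagged, for isolation and malware checks."""
    return sorted({src for (src, _, _) in findings})


if __name__ == "__main__":
    hits = find_beaconing(parse_log(SAMPLE_LOG))
    for flow, stats in hits.items():
        print(flow, stats)
    print("\n".join(block_rules(hits)))
    print("quarantine:", quarantine_candidates(hits))
```

Run as-is, the script flags only the 10.0.0.5 to 203.0.113.7 flow (six connections about 60 seconds apart) and leaves the irregular 10.0.0.8 traffic alone. The interval check is a triage heuristic rather than a signature: a Beacon configured with a large sleep jitter produces a higher coefficient of variation and may slip under a strict `max_cv`, so in practice this sort of statistic is combined with destination reputation and payload-level detections before a block or quarantine decision is made.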