
Cobalt Strike on the TWiET set
September 24, 2013
Yesterday, I had a lot of fun hanging out with the This Week in Enterprise Tech crew. We had a chance to talk about penetration testing in its various forms, best practices, and a demonstration of Armitage and Cobalt Strike. I’m getting ready to push something big in Cobalt Strike in a few days… the end of the episode has a demo of it. You don’t want to miss it.
Here’s the episode:
Thanks Fr. Robert Ballecer for having me as a guest. It was a blast!
I enjoyed this interview a lot. It seems that the people who are condescending of pentesters and red teamers that use automated tools like Metasploit and Armitage are the only ones not performing pentests. I’ve been in the game for a few years now and I’ve yet to meet an experienced red teamer or pentester that refuses automation.
Likewise, all of the armchair boxers that swear on the Internet that automation is for noobs (while they are always smart folks) are never involved with security as a profession. As you said, it’s an interesting dichotomy.
I’d personally like to explore this a bit further and invite some of the mystery testers out to see what exactly THEY use. Who knows what we’ve been missing?!
Thanks again for the interview.
–Andrew
There’s a lot of dated ideas about hacking that seem to have entered the common understanding. “it requires social engineering… that’s lame” is one I hear a lot. I don’t worry too much about it. I try to write about what works for me or what I’ve seen work for my users. *shrug*