Cobalt Strike on the TWiET set

September 24, 2013

Yesterday, I had a lot of fun hanging out with the This Week in Enterprise Tech crew. We had a chance to talk about penetration testing in its various forms, best practices, and a demonstration of Armitage and Cobalt Strike. I’m getting ready to push something big in Cobalt Strike in a few days… the end of the episode has a demo of it. You don’t want to miss it.

Here’s the episode:

Thanks Fr. Robert Ballecer for having me as a guest. It was a blast!


  1. I enjoyed this interview a lot. It seems that the people who are condescending of pentesters and red teamers that use automated tools like Metasploit and Armitage are the only ones not performing pentests. I’ve been in the game for a few years now and I’ve yet to meet an experienced red teamer or pentester that refuses automation.

    Likewise, all of the armchair boxers that swear on the Internet that automation is for noobs (while they are always smart folks) are never involved with security as a profession. As you said, it’s an interesting dichotomy.

    I’d personally like to explore this a bit further and invite some of the mystery testers out to see what exactly THEY use. Who knows what we’ve been missing?!

    Thanks again for the interview.


    • There’s a lot of dated ideas about hacking that seem to have entered the common understanding. “it requires social engineering… that’s lame” is one I hear a lot. I don’t worry too much about it. I try to write about what works for me or what I’ve seen work for my users. *shrug*
