Cobalt Strike Penetration Testing Labs (Download)

June 4, 2015

My primary conference give away is a DVD with a self-contained penetration testing lab. This DVD covers the Metasploit Framework‘s capability to target a server. It also covers the client-side attack process in Cobalt Strike. It’s a pretty neat set of labs and they don’t take too long to go through.

Cobalt Strike Boxed Set

I’ve had several requests to put these labs online. If you’re one of those interested parties, then today is your lucky day. The Cobalt Strike Pen Testing Lab DVD material is now available for download.

To start, you’ll want to grab the necessary virtual machines:

1. Morning Catch (Phishing Target)

2. Metasploitable 2

3. Xubuntu Attack VM with CS dependencies and stuff to support the labs

Next, you’ll want to download the penetration testing lab book. Last, you’ll need to grab a trial of Cobalt Strike and install it on the Xubuntu virtual machine above.

Once you have these things, you’re ready to rock. If you get stuck, here’s a video of me going through the labs:



  1. DUUUUUUUuuuuuuude! Thank you!

  2. Thank you very very much~

  3. I’m just getting everything downloaded and the vm’s are booting up- from one random stranger on the internet to another, Thank you!

  4. You are absolutely the best !

    Had the best year-end break ever, just going through a LOT of your blogs and videos.

    The content and way you have explained it, embody your passion and zeal for both the subject matter and the kindness to share what you know and built, freely with the community.

    You are a legend and will be one of my heroes to look up to going forward.

    Thank you !

  5. would please update this lab, it’s not exactly same steps with last version of cobaltstrike

    • I would love to do this, but… the version of WINE on my lab VM isn’t capable of demonstrating many of Beacons features. I don’t think the refreshed lab (with these free targets) would be that interesting.

  6. Does anybody have a copy of the lab book and VM , I cannot find it anymore 😦

Leave a Reply to Joshua Cancel reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s