Posts Tagged ‘penetration testing’

h1

Covert VPN – Layer 2 Pivoting for Cobalt Strike

September 5, 2012

Currently, I’m debating a class of social engineering “packages” to force SMB requests against an attacker controlled system. Ideas include packages to generate LNK files, host a WPAD server, etc.

This created a bit of an identity crisis though. I see Cobalt Strike as a tool for a penetration tester to emulate the capabilities of a motivated external actor. Sadly, many awesome SMB attacks require a physical presence on the target’s network.

To put this issue to rest, I decided to build a feature to allow a motivated external attacker the ability to work as-if they are physically present on the target’s network. This feature is Covert VPN.

Deploy Covert VPN

Covert VPN is a layer 2 pivoting capability for Cobalt Strike. It creates a network interface on your system that is bridged into the target’s network through a channel of your choosing. Covert VPN can tunnel its traffic over UDP, TCP, or HTTP channels

Once an interface is active, you can sniff packets, start rogue services, use external scanners and attack tools–pretty much whatever you want.

Covert VPN is in the latest version of Cobalt Strike. A 21-day trial is available as well. Try it out and let me know what you think.

h1

Meet Cobalt Strike: Adaptive Pen Testing

June 14, 2012

If you’re reading this, you’re likely aware of the Armitage project. Fed by your enthusiasm and feedback, Armitage has enjoyed a rapid pace of development since its inception. I left a security engineer role one year ago to search out how to properly nurture this project and its ideas going forward. This search led to some exciting initiatives, one that I’m announcing, right now.

I’d like to introduce you to Armitage’s big brother: Cobalt Strike

Cobalt Strike is a penetration testing suite built for threat emulation. I say suite, because it’s not just software. It’s documentation, online training, and a set of tools to help you execute an adaptive penetration test.

Cobalt Strike adds client-side reconnaissance, spear phishing, web drive-by attacks, and reporting to Armitage’s red team collaboration and post-exploitation capabilities.

Now that you’ve met Cobalt Strike, here are the next steps:

1. Watch the Cobalt Strike trailer to get a taste of Cobalt Strike

2. Visit the Cobalt Strike website and request a trial to try Cobalt Strike

3. Get Cobalt Strike into your organization: buy online or request a quote.

Live Training at BlackHat USA

If you’re ready to add Adaptive Penetration Testing to your organization’s skill set, I recommend signing up for the BlackHat USA course run by the Veris Group. This course is a vendor neutral offering, but those who attend will have an opportunity to play with Cobalt Strike under the guidance of a seasoned instructor team.

The instructors David, Jason, and Chris are among the early adopters who helped shape this product.

And, what about Armitage?

Armitage, Cobalt Strike, and my security research initiatives are now under the banner of Strategic Cyber LLC. The formation of this company is an exciting opportunity. I can now work more formally with many of you and strengthen new and existing relationships.

Armitage will enjoy the same development pace and it will stay open source, always. Even better, I’m releasing something really big for Armitage at DEFCON 20.

I hope to see you there!

— Raphael


Raphael Mudge
Principal, Strategic Cyber LLC
http://www.advancedpentest.com/
1-888-761-7773

Bloggers and Journalists: More information about Strategic Cyber LLC and Cobalt Strike is available in our press kit.