Tech Cyber Security Specialist, Director at a financial services firm with 10,001+ employees
Real User
Top 20
2024-11-22T16:08:17Z
Nov 22, 2024
The stability of the tool can be improved. There are some limitations, but they tend to be more from outside of the tool rather than within it. The limitations often come from operators who may lack the necessary expertise to utilize the tool effectively.
Cyber Security Engineer at a tech services company with 51-200 employees
Real User
Top 20
2024-07-30T10:33:00Z
Jul 30, 2024
Probably its delivery methods could be improved. It might need some improvements on its spear phishing module. You can clone a web page, and then you can spear phish a target, and the target connects to your beacon. I believe that it needs to be more modernized to the current standards of multi-factor authentication bypass. Although there are already tools that actually do that, like Evilginx that’s been used as a proxy server, I truly believe Cobalt Strike could do something like that. I believe if Cobalt modernize this specific feature to try to bypass multi-factor authentication, it’s gonna be something. I’m not aware if it’s actually a feature in the latest Cobalt Strike updates, but from my version, I don’t see that it’s possible right now. I don’t think AI is at the stage where it can conduct such complex operations. AI is mostly being used to create phishing templates, very simple stuff. AI is not mature enough to do something more complex, although I truly believe that in a few years, it might have such capabilities.
Breach and Attack Simulation (BAS) tools are advanced security solutions that help organizations assess their cybersecurity posture by simulating potential attacks and breaches. They provide insights into vulnerabilities and measure the effectiveness of existing security measures. BAS solutions are designed to continuously test an organization's security systems by imitating the actions of attackers. By using real-world attack scenarios, BAS helps identify vulnerabilities in a controlled...
The stability of the tool can be improved. There are some limitations, but they tend to be more from outside of the tool rather than within it. The limitations often come from operators who may lack the necessary expertise to utilize the tool effectively.
Probably its delivery methods could be improved. It might need some improvements on its spear phishing module. You can clone a web page, and then you can spear phish a target, and the target connects to your beacon. I believe that it needs to be more modernized to the current standards of multi-factor authentication bypass. Although there are already tools that actually do that, like Evilginx that’s been used as a proxy server, I truly believe Cobalt Strike could do something like that. I believe if Cobalt modernize this specific feature to try to bypass multi-factor authentication, it’s gonna be something. I’m not aware if it’s actually a feature in the latest Cobalt Strike updates, but from my version, I don’t see that it’s possible right now. I don’t think AI is at the stage where it can conduct such complex operations. AI is mostly being used to create phishing templates, very simple stuff. AI is not mature enough to do something more complex, although I truly believe that in a few years, it might have such capabilities.