Tech Cyber Security Specialist, Director at a financial services firm with 10,001+ employees
Real User
Top 20
2024-11-22T16:08:17Z
Nov 22, 2024
The stability of the tool can be improved. There are some limitations, but they tend to be more from outside of the tool rather than within it. The limitations often come from operators who may lack the necessary expertise to utilize the tool effectively.
Cyber Security Engineer at a tech services company with 51-200 employees
Real User
Top 20
2024-07-30T10:33:00Z
Jul 30, 2024
Probably its delivery methods could be improved. It might need some improvements on its spear phishing module. You can clone a web page, and then you can spear phish a target, and the target connects to your beacon. I believe that it needs to be more modernized to the current standards of multi-factor authentication bypass. Although there are already tools that actually do that, like Evilginx that’s been used as a proxy server, I truly believe Cobalt Strike could do something like that. I believe if Cobalt modernize this specific feature to try to bypass multi-factor authentication, it’s gonna be something. I’m not aware if it’s actually a feature in the latest Cobalt Strike updates, but from my version, I don’t see that it’s possible right now. I don’t think AI is at the stage where it can conduct such complex operations. AI is mostly being used to create phishing templates, very simple stuff. AI is not mature enough to do something more complex, although I truly believe that in a few years, it might have such capabilities.
Breach and Attack Simulation (BAS) software solutions are designed to help you identify and address vulnerabilities within your security posture. By simulating cyber-attacks in a controlled environment, BAS tools allow continuous assessment and validation of your security controls, ensuring they are operating effectively against evolving threats.
BAS software provides an automated and consistent method to simulate real-world attack scenarios in your network. These solutions enable continuous...
The stability of the tool can be improved. There are some limitations, but they tend to be more from outside of the tool rather than within it. The limitations often come from operators who may lack the necessary expertise to utilize the tool effectively.
Probably its delivery methods could be improved. It might need some improvements on its spear phishing module. You can clone a web page, and then you can spear phish a target, and the target connects to your beacon. I believe that it needs to be more modernized to the current standards of multi-factor authentication bypass. Although there are already tools that actually do that, like Evilginx that’s been used as a proxy server, I truly believe Cobalt Strike could do something like that. I believe if Cobalt modernize this specific feature to try to bypass multi-factor authentication, it’s gonna be something. I’m not aware if it’s actually a feature in the latest Cobalt Strike updates, but from my version, I don’t see that it’s possible right now. I don’t think AI is at the stage where it can conduct such complex operations. AI is mostly being used to create phishing templates, very simple stuff. AI is not mature enough to do something more complex, although I truly believe that in a few years, it might have such capabilities.