Tech Cyber Security Specialist, Director at a financial services firm with 10,001+ employees
Real User
Top 20
2024-11-22T16:08:17Z
Nov 22, 2024
The stability of the tool can be improved. There are some limitations, but they tend to be more from outside of the tool rather than within it. The limitations often come from operators who may lack the necessary expertise to utilize the tool effectively.
Cyber Security Engineer at a tech services company with 51-200 employees
Real User
Top 20
2024-07-30T10:33:00Z
Jul 30, 2024
Probably its delivery methods could be improved. It might need some improvements on its spear phishing module. You can clone a web page, and then you can spear phish a target, and the target connects to your beacon. I believe that it needs to be more modernized to the current standards of multi-factor authentication bypass. Although there are already tools that actually do that, like Evilginx that’s been used as a proxy server, I truly believe Cobalt Strike could do something like that. I believe if Cobalt modernize this specific feature to try to bypass multi-factor authentication, it’s gonna be something. I’m not aware if it’s actually a feature in the latest Cobalt Strike updates, but from my version, I don’t see that it’s possible right now. I don’t think AI is at the stage where it can conduct such complex operations. AI is mostly being used to create phishing templates, very simple stuff. AI is not mature enough to do something more complex, although I truly believe that in a few years, it might have such capabilities.
Breach and Attack Simulation (BAS) tools provide continuous and automated security validation by simulating advanced attack scenarios to identify and fix vulnerabilities. These tools help organizations strengthen their cybersecurity posture effectively.
Organizations use BAS solutions to assess their security controls by replicating potential attacks that could be used by cyber adversaries. This allows security teams to proactively manage and mitigate risks. BAS platforms often...
The stability of the tool can be improved. There are some limitations, but they tend to be more from outside of the tool rather than within it. The limitations often come from operators who may lack the necessary expertise to utilize the tool effectively.
Probably its delivery methods could be improved. It might need some improvements on its spear phishing module. You can clone a web page, and then you can spear phish a target, and the target connects to your beacon. I believe that it needs to be more modernized to the current standards of multi-factor authentication bypass. Although there are already tools that actually do that, like Evilginx that’s been used as a proxy server, I truly believe Cobalt Strike could do something like that. I believe if Cobalt modernize this specific feature to try to bypass multi-factor authentication, it’s gonna be something. I’m not aware if it’s actually a feature in the latest Cobalt Strike updates, but from my version, I don’t see that it’s possible right now. I don’t think AI is at the stage where it can conduct such complex operations. AI is mostly being used to create phishing templates, very simple stuff. AI is not mature enough to do something more complex, although I truly believe that in a few years, it might have such capabilities.