Awesome write up on Raphael Mudge’s setup…
4 Likes
Cobalt Strike is cool. I love the visualization of targets. Sometimes it does feel a bit dirty to be away from the CLI of MSF though =P
It can be fun in large red team engagements where you need to share intel. Esp. if the goal of the op is to be quiet. Nothing more noiser than a group of guys going kitchen sink on the target…unless of course…you use that as cover for exfil…
This is a great writeup. I don’t know if it included using the teamserver, which I found to setup in a snap! Great set of tools.
Every time I open Cobalt Strike, I wonder why I ever bothered using msfconsole. While I’ve heard great things about MSF Pro (and I’ll have to review it someday), msfconsole’s inability to let me know what’s going on during the exploitation process can be confusing all of the time. Beacon makes this easy – and then I can just launch bypassuac or meterpreter from Beacon directly. At times, however, going back to advanced settings in metasploit-framework is all but essential. Yet still, Colbalt Strike shines through – anything you can do in metasploit-framework can be done almost easier in the Sleep-based Cortana script language, with many scripts such as veil-evasion.cna ready to go once pulled from GitHub.