Tech Cyber Security Specialist, Director at a financial services firm with 10,001+ employees
Real User
Top 10
Nov 22, 2024
The stability of the tool can be improved. There are some limitations, but they tend to be more from outside of the tool rather than within it. The limitations often come from operators who may lack the necessary expertise to utilize the tool effectively.
Cyber Security Engineer at a tech services company with 51-200 employees
Real User
Top 10
Jul 30, 2024
Probably its delivery methods could be improved. It might need some improvements on its spear phishing module. You can clone a web page, and then you can spear phish a target, and the target connects to your beacon. I believe that it needs to be more modernized to the current standards of multi-factor authentication bypass. Although there are already tools that actually do that, like Evilginx that’s been used as a proxy server, I truly believe Cobalt Strike could do something like that. I believe if Cobalt modernize this specific feature to try to bypass multi-factor authentication, it’s gonna be something. I’m not aware if it’s actually a feature in the latest Cobalt Strike updates, but from my version, I don’t see that it’s possible right now. I don’t think AI is at the stage where it can conduct such complex operations. AI is mostly being used to create phishing templates, very simple stuff. AI is not mature enough to do something more complex, although I truly believe that in a few years, it might have such capabilities.
Breach and Attack Simulation (BAS) tools offer organizations a way to continuously test the effectiveness of their security measures by simulating cyberattacks in a controlled environment. With the rise in cyber threats, BAS has become an essential element in corporate security strategies. These tools help identify vulnerabilities in IT infrastructure by deploying automated, simulated attacks, allowing companies to proactively find and fix weaknesses before they can be exploited. Real user...
The stability of the tool can be improved. There are some limitations, but they tend to be more from outside of the tool rather than within it. The limitations often come from operators who may lack the necessary expertise to utilize the tool effectively.
Probably its delivery methods could be improved. It might need some improvements on its spear phishing module. You can clone a web page, and then you can spear phish a target, and the target connects to your beacon. I believe that it needs to be more modernized to the current standards of multi-factor authentication bypass. Although there are already tools that actually do that, like Evilginx that’s been used as a proxy server, I truly believe Cobalt Strike could do something like that. I believe if Cobalt modernize this specific feature to try to bypass multi-factor authentication, it’s gonna be something. I’m not aware if it’s actually a feature in the latest Cobalt Strike updates, but from my version, I don’t see that it’s possible right now. I don’t think AI is at the stage where it can conduct such complex operations. AI is mostly being used to create phishing templates, very simple stuff. AI is not mature enough to do something more complex, although I truly believe that in a few years, it might have such capabilities.