Red Team Tools: Hunting for the Top 3 Tools

Red Team Tools: Cobalt Strike

Probably the most common red team tool employed by red teams (and a lot of adversaries, too!) today is Cobalt Strike. Cobalt Strike is a fully featured, commercially available penetration testing tool offered by Washington, DC-based Strategic Cyber LLC. The tool is advertised for “Adversary Simulations and Red Team Operations”; however, its extensive customization and capabilities have led to its adoption by a wide variety of threat actors with a variety of motivations. Cobalt Strike also incorporates other post-exploitation tools, such as Mimikatz, to expand its functionality.

Red Team Tools: Brute Ratel

Another of the most popular red team tools used by adversaries and red teams alike is Brute Ratel. Brute Ratel is an attack simulation and post-exploitation toolkit created by Chetan Nayak (a former red teamer for Mandiant and CrowdStrike) and released in 2020. The toolkit is a customizable command and control framework that gives users capabilities such as (but not limited to) injecting shellcode into processes, executing scripts, and writing custom C2 channels (over services like Slack and Microsoft Teams).

Red Team Tools: Metasploit

One of the go-to red team tools that red teams and adversaries alike are known to use widely is Metasploit. Metasploit is a very common attack framework used to aid both penetration testing and malicious activity.

Conclusion

Hunt Teams and Blue Teams can have difficulty with hunting for red team activity — often because they struggle to detect even common red team tools. Cyborg Security’s hunt team has put together a FREE collection of the most common behaviors that organizations and teams can hunt for today to detect common red team tools in action. Get your FREE Community account today using promo code “REDTEAM”!
