Cobalt Strike is known in the industry as popular penetration testing software designed to allow red teams, penetration testers, and consultants to execute sophisticated attacks on systems.
In an effort to better simulate the distributed nature of today’s persistent attacks, Cobalt Strike added full support for redirectors last week, according to a blog post by Raphael Mudge, founder of Strategic Cyber LLC and the developer of Cobalt Strike. Redirectors proxy all traffic to a command-and-control server, and can take the form of cheap Amazon EC2 instances.
Mudge’s blog post explains how to set up redirectors that give one Cobalt Strike instance multiple points of presence on the internet. The configurations described would attempt to send the payload via multiple redirectors even if some redirectors get blocked by the target system.
Security personnel are increasingly dealing with large-scale attacks distributed across cloud services. According to research recently released by Arbor Networks, DDoS attacks grew enormously in 2013. The average DDoS attack in 2013 measured 2.64 Gb/sec, a 78 percent increase from 2012.