{"title":"Principles of operation and detection on the target system of the dual purpose tool Cobalt Strike","authors":"A. V. Khaver","doi":"10.31673/2409-7292.2023.020002","DOIUrl":null,"url":null,"abstract":"The article investigates the nature of the functioning of the dual-purpose tool Cobalt Strike, which actively uses APT (Advanced Persistent Threat) in its arsenal primarily to gain unauthorized access to information systems and their information assets. Considering the extent of the widespread use of Cobalt Strike, it is advisable to consider the principle of its operation and possible measures to counter its penetration into the information systems of objects of critical information infrastructure.","PeriodicalId":107068,"journal":{"name":"Modern information security","volume":"11 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Modern information security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.31673/2409-7292.2023.020002","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
The article investigates how the dual-purpose tool Cobalt Strike functions. APT (Advanced Persistent Threat) groups actively use it in their arsenal, primarily to gain unauthorized access to information systems and their information assets. Given how widely Cobalt Strike is used, it is advisable to consider its principle of operation and possible measures to counter its penetration into the information systems of critical information infrastructure facilities.