It wasn't too hard to get the gist of the matter (that this Ruby-thing is ubiquitous and that a nasty-Baddie has created a snooping monster
--which will scatter-gun jillions of nodes). Soon. UGLY. Portentous. Fascinating for those of us Not responsible for any network.
Of course, this level is waay beyond my ken, but this link (from replies) gives a YouTube demo of Cobalt Strike (a mere $2500--apparently cheap for those who Need it).

Its author: (He designed open-source Armitage; info in replies on this YouTube page)
http://www.youtube.c...ded&v=S_ejYRTM8J0


Raphael Mudge 5 months ago

Cobalt Strike is a commercial tool. If you'd like something free, Armitage is the open source version of Cobalt Strike. As for release outside of the United States... it's coming. Cobalt Strike is penetration testing software and there are specific things I am required to do before I can legally export it. Once these things are complete and my export control program is sound, Cobalt Strike will be available in many other countries (not all though).



Anyway, better than a NYTimes Crossword for this tyro.. then there's the ominous ... think Jaws ... accompanying audio!
Seems a boggling set of automated apps, scary to imagine script-kiddies so amplifying their capabilities via just *this* program,
and clearly: a hint of the future sort of Hell a Sys Admin must now be prepared to Duel-in. :-/


Cobalt Strike adds tools to generate social engineering packages, host web drive-by attacks, spear phishing attacks, and reporting to what Armitage already does. This is just the first release though. There is a very exciting roadmap behind this product, stay tuned. :)



The use of "low-level 'tool'-employees" for 'social engineering' exploits is now a mere Item in a Menu!
Jeez.. even as a suspenseful tale unfolding, this video beats Hollywood's made-up screenies by a kilometer!
Noting how The Beast's mshtml vulnerabilities are a mere menu-item, among many.. why the program is a veritable Symphony
... being played by the user--like an audio patchboard/console, probably with pauses built in .. .. .. so as not to tip hand! being played.

A pop-up message in demo:

Pass the Hash
Use captured password hashes to attack those pesky patched systems



At my level of comprehension (grokking somewhat the various actions occurring with such fluidity)--it's a scary reminder that probably,
ere long, the entire Intarweb shall have to be redesigned with reinforced code-concrete + user authentication --via quite more than a PW.
(And the longer all those multi-$B doze "Servers" with their (n+1) not-yet-found buffer problems, remain in service by pitiful Corps?
Won't that clinch both the formal-Death of Ballmer's Boys AND force this redesign?)
Seems anti-possible that all that Doze stuff could be replaced in << a generation,
but ya never Know.

And the Pols won't comprehend the magnitude/the intricacy/the WORK, that will underlie any such Redesign, thus refuse to fund that until ... ...
[think: the prevailing attitude of Unconcern today re planetary health, Period.]


W.T.F. would want to be the CTO of any major [or minor?] Corp. given this thermo-digital War clearly already afoot??

I wish youse guys, each of you: success re. finding in-time, New alternatives to: FIXING all this STUFF/daily!!

Y.P.B.


Anyway, thanks for the Show and ... ... condolences :-/