Payload Artifacts and Anti-virus Evasion

Fortra regularly fields questions about evasion. Does Cobalt Strike bypass anti-virus products? Which anti-virus products does it bypass? How often is this checked?

The Cobalt Strike default artifacts will likely be snagged by most endpoint security solutions. Although evasion is not a goal of the default Cobalt Strike product, Cobalt Strike does offer some flexibility.

You, the operator, may change the executables, DLLs, applets, and script templates Cobalt Strike uses in its workflows. You may also export Cobalt Strike’s Beacon payload in a variety of formats that work with third-party tools designed to assist with evasion.

This chapter highlights the Cobalt Strike features that provide this flexibility.
