<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.3 20210610//EN" "JATS-journalpublishing1-3.dtd">
<article article-type="research-article" dtd-version="1.3" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml:lang="ru"><front><journal-meta><journal-id journal-id-type="publisher-id">kaz44</journal-id><journal-title-group><journal-title xml:lang="ru">Вестник Университета Шакарима. Серия технические науки</journal-title><trans-title-group xml:lang="en"><trans-title>Bulletin of Shakarim University. Technical Sciences</trans-title></trans-title-group></journal-title-group><issn pub-type="ppub">2788-7995</issn><issn pub-type="epub">3006-0524</issn><publisher><publisher-name>«Шәкәрім университеті» КеАҚ</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="doi">10.53360/2788-7995-2023-4(12)-7</article-id><article-id custom-type="elpub" pub-id-type="custom">kaz44-554</article-id><article-categories><subj-group subj-group-type="heading"><subject>Research Article</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="ru"><subject>АВТОМАТИЗАЦИЯ И ИНФОРМАЦИОННЫЕ ТЕХНОЛОГИИ (ОРИГИНАЛЬНАЯ СТАТЬЯ)</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="en"><subject>AUTOMATION AND INFORMATION TECHNOLOGY (ORIGINAL ARTICLE)</subject></subj-group></article-categories><title-group><article-title>Детальный анализ инструмента Cobalt Strike</article-title><trans-title-group xml:lang="en"><trans-title>A Deep Dive into Cobalt Strike Tool</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0000-0001-6006-4813</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Шайханова</surname><given-names>А. К.</given-names></name><name name-style="western" xml:lang="en"><surname>Shaikhanova</surname><given-names>A. K.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Айгуль Кайрулаевна Шайханова – профессор кафедры «Информационной безопасности»</p><p>010000, г. Астана, ул. Сатбаева, 2</p></bio><bio xml:lang="en"><p>Aigul Kairulaevna Shaikhanova – professor of the department of Information Security</p><p>010000, Astana, Satpayev Str., 2</p></bio><email xlink:type="simple">shaikhanova_ak@enu.kz</email><xref ref-type="aff" rid="aff-1"/></contrib><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0009-0003-5364-9903</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Кадыров</surname><given-names>Д. С.</given-names></name><name name-style="western" xml:lang="en"><surname>Kadyrov</surname><given-names>D. S.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Дамир Серикович Кадыров – магистрант 2-го курса; специальность инфорационной безопасности</p><p>010000,  г. Астана, ул. Сатбаева, 2 </p></bio><bio xml:lang="en"><p>Damir Serikovich Kadyrov – 2st year master’s degree; specialty of information security</p><p>010000,  Astana, Satpayev Str., 2</p></bio><email xlink:type="simple">010422551083@enu.kz</email><xref ref-type="aff" rid="aff-1"/></contrib></contrib-group><aff-alternatives id="aff-1"><aff xml:lang="ru">Евразийский национальный университет им. Л.Гумилева<country>Казахстан</country></aff><aff xml:lang="en">Eurasian National University named after L.N. Gumilyov<country>Kazakhstan</country></aff></aff-alternatives><pub-date pub-type="collection"><year>2023</year></pub-date><pub-date pub-type="epub"><day>28</day><month>12</month><year>2023</year></pub-date><volume>1</volume><issue>4(12)</issue><fpage>46</fpage><lpage>52</lpage><permissions><copyright-statement>Copyright &amp;#x00A9; Шайханова А.К., Кадыров Д.С., 2024</copyright-statement><copyright-year>2024</copyright-year><copyright-holder xml:lang="ru">Шайханова А.К., Кадыров Д.С.</copyright-holder><copyright-holder xml:lang="en">Shaikhanova A.K., Kadyrov D.S.</copyright-holder><license xml:lang="ru" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>Данная работа распространяется под лицензией Creative Commons Attribution 4.0.</license-p></license><license xml:lang="en" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>This work is licensed under a Creative Commons Attribution 4.0 License.</license-p></license></permissions><self-uri xlink:href="https://tech.vestnik.shakarim.kz/jour/article/view/554">https://tech.vestnik.shakarim.kz/jour/article/view/554</self-uri><abstract><p>Cobalt Strike – популярный коммерческий инструмент для тестирования на проникновение, который также широко используется в кибератаках. В этом документе представлен обзор Cobalt Strike и его использования в кибератаках, включая анализ тактики, методов и тенденций, связанных с его использованием. Проведен обзор литературы и анализ данных академических исследований, отраслевых отчетов и новостных статей о Cobalt Strike и его использовании в кибератаках, а также тематических исследований конкретных атак с использованием Cobalt Strike. Это исследование основано на случаях, когда Cobalt Strike использовался в самых разных атаках: атаках программ-вымогателей, шпионских кампаниях и сложных постоянных угрозах. Злоумышленники, использующие Cobalt Strike, как правило, очень изощренны и мотивированы рядом факторов, включая финансовую выгоду, политический шпионаж и кибервойну. Гибкость и адаптируемость этого инструмента делают его серьезной угрозой для организаций, стремящихся защититься от кибератак. Наше исследование выделяет ключевые особенности и подробно объясняет логическую структуру Cobalt Strike. </p></abstract><trans-abstract xml:lang="en"><p>Cobalt Strike is a popular commercial penetration testing tool that has also been widely used in cyber attacks. This paper provides a review of the Cobalt Strike and its use in cyber attacks, including an analysis of the tactics, techniques, and trends associated with its use. Conducted a literature review and data analysis of academic research, industry reports, and news articles on Cobalt Strike and its use in cyber attacks, as well as case studies of specific attacks involving Cobalt Strike. This research is based on cases in which Cobalt Strike has been used in a wide range of attacks: ransomware attacks, espionage campaigns, and advanced persistent threats. Attackers using Cobalt Strike tend to be highly sophisticated and motivated by a range of factors, including financial gain, political espionage, and cyber warfare. The tool's flexibility and adaptability make it a formidable threat to organizations seeking to defend against cyber attacks. Our research highlights key features and explains thoroughly the logical structure of the Cobalt Strike. </p></trans-abstract><kwd-group xml:lang="ru"><kwd>Инфраструктура управления и контроля (C2)</kwd><kwd>тестирование на проникновение</kwd><kwd>пост-эксплуатация</kwd><kwd>Cobalt Strike</kwd><kwd>сеть</kwd></kwd-group><kwd-group xml:lang="en"><kwd>Command and Control (C2)</kwd><kwd>penetration testing</kwd><kwd>post-exploitation</kwd><kwd>Cobalt Strike</kwd><kwd>network</kwd></kwd-group></article-meta></front><back><ref-list><title>References</title><ref id="cit1"><label>1</label><citation-alternatives><mixed-citation xml:lang="ru">Navarrete C., Sangvikar D. Cobalt strike analysis and tutorial: Identifying beacon team servers in the wild [Электрон. ресурс]. - 2022. - URL: https://unit42.paloaltonetworks.com/cobalt-strike-team-server (дата обращения: 03.11.2023).</mixed-citation><mixed-citation xml:lang="en">Navarrete C., Sangvikar D. Cobalt strike analysis and tutorial: Identifying beacon team servers in the wild [Электрон. ресурс]. - 2022. - URL: https://unit42.paloaltonetworks.com/cobalt-strike-team-server (дата обращения: 03.11.2023).</mixed-citation></citation-alternatives></ref><ref id="cit2"><label>2</label><citation-alternatives><mixed-citation xml:lang="ru">Hinchliffe A. PKPLUG: Chinese Cyber Espionage Group attacking Southeast Asia [Электрон. ресурс]. -2019. - URL: https://unit42.paloaltonetworks.com/pkplug_chinese_cyber_espionage_group_attacking_asia (дата обращения: 03.10.2023)</mixed-citation><mixed-citation xml:lang="en">Hinchliffe A. PKPLUG: Chinese Cyber Espionage Group attacking Southeast Asia [Электрон. ресурс]. -2019. - URL: https://unit42.paloaltonetworks.com/pkplug_chinese_cyber_espionage_group_attacking_asia (дата обращения: 03.10.2023)</mixed-citation></citation-alternatives></ref><ref id="cit3"><label>3</label><citation-alternatives><mixed-citation xml:lang="ru">Sinclair G. Making cobalt strike harder for threat actors to abuse | google cloud blog [Электронный ресурс]. - 2022. - URL: https://cloud.google.com/blog/products/identity-security/making-cobalt-strike-harder-for-threat-actors-to-abuse (дата обращения: 18.11.2023).</mixed-citation><mixed-citation xml:lang="en">Sinclair G. Making cobalt strike harder for threat actors to abuse | google cloud blog [Электронный ресурс]. - 2022. - URL: https://cloud.google.com/blog/products/identity-security/making-cobalt-strike-harder-for-threat-actors-to-abuse (дата обращения: 18.11.2023).</mixed-citation></citation-alternatives></ref><ref id="cit4"><label>4</label><citation-alternatives><mixed-citation xml:lang="ru">CFCS. Investigation report: SolarWinds: State-sponsored global software supply chain attack [Электрон. ресурс]. - 2021 - URL: https://www.cfcs.dk/globalassets/cfcs/dokumenter/rapporter/en/CFCS-solarwinds-report-EN.pdf (дата обращения: 10.04.2023).</mixed-citation><mixed-citation xml:lang="en">CFCS. Investigation report: SolarWinds: State-sponsored global software supply chain attack [Электрон. ресурс]. - 2021 - URL: https://www.cfcs.dk/globalassets/cfcs/dokumenter/rapporter/en/CFCS-solarwinds-report-EN.pdf (дата обращения: 10.04.2023).</mixed-citation></citation-alternatives></ref><ref id="cit5"><label>5</label><citation-alternatives><mixed-citation xml:lang="ru">Fortra. Cobalt Strike User Guide [Электрон ресурс]. - 2023 - URL: https://hstechdocs.helpsystems.com/manuals/cobaltstrike/current/userguide/content/topics/welcome_main.htm (дата обращения: 10.09.2023).</mixed-citation><mixed-citation xml:lang="en">Fortra. Cobalt Strike User Guide [Электрон ресурс]. - 2023 - URL: https://hstechdocs.helpsystems.com/manuals/cobaltstrike/current/userguide/content/topics/welcome_main.htm (дата обращения: 10.09.2023).</mixed-citation></citation-alternatives></ref><ref id="cit6"><label>6</label><citation-alternatives><mixed-citation xml:lang="ru">Dark, M., Epstein, R.A., Morales, L., Countermine, T.A., &amp; Ali, M.Y. (2006). A Framework for Information Security Ethics Education. Center for Research and Education in Information Assurance and Security.</mixed-citation><mixed-citation xml:lang="en">Dark, M., Epstein, R.A., Morales, L., Countermine, T.A., &amp; Ali, M.Y. (2006). A Framework for Information Security Ethics Education. Center for Research and Education in Information Assurance and Security.</mixed-citation></citation-alternatives></ref><ref id="cit7"><label>7</label><citation-alternatives><mixed-citation xml:lang="ru">Hasan R. и др. Artificial intelligence based model for incident response // 2011 International Conference on Information Management, Innovation Management and Industrial Engineering. - 2011. - С. 91–93.</mixed-citation><mixed-citation xml:lang="en">Hasan R. и др. Artificial intelligence based model for incident response // 2011 International Conference on Information Management, Innovation Management and Industrial Engineering. - 2011. - С. 91–93.</mixed-citation></citation-alternatives></ref><ref id="cit8"><label>8</label><citation-alternatives><mixed-citation xml:lang="ru">Kruse W.G., Heiser J.G. Computer forensics: Incident response essentials. - Boston: Addison-Wesley, 2008. - c. 416</mixed-citation><mixed-citation xml:lang="en">Kruse W.G., Heiser J.G. Computer forensics: Incident response essentials. - Boston: Addison-Wesley, 2008.  - c. 416</mixed-citation></citation-alternatives></ref></ref-list><fn-group><fn fn-type="conflict"><p>The authors declare that there are no conflicts of interest present.</p></fn></fn-group></back></article>
