Attackers continue to employ commercial penetration testing tools as well as “living off the land” tactics. Cobalt Strike is marketed by its makers as “software for adversary simulations and red team operations,” but attackers regularly use cracked copies of the tool to build botnets. Other tools are being used for “lateral movement,” meaning the endpoint becomes the beachhead in a larger-scale attack. Security experts say the message is simple: monitoring for this software inside a network can reveal an attack in progress.
Source: https://www.cuinfosecurity.com/blogs/block-this-now-cobalt-strike-other-red-team-tools-p-3167

