Notice: This content is for Cobalt Strike 2.5. It's kept here for users working with the old version. The homepage for the latest Cobalt Strike is at There you will find Advanced Threat Tactics, the 2015 successor to this course.

Tradecraft is a free course on red team operations. This course will provide the background and skills necessary to execute a targeted attack as an external actor with Cobalt Strike. To go beyond the material here, read the course notes.

1. Introduction

This segment introduces the Metasploit® Framework and Cobalt Strike with an orientation to how both tools are organized.

2. Basic Exploitation (Hacking circa 2003)

This lecture shows how to pick the right remote exploit, leverage brute-forced credentials, and pivot through SSH.

3. Getting a Foothold

This lecture takes you through the client-side attack process: how to map the client-side attack surface, set up a listener, pick a memory corruption exploit, and (preferably) use features to get a foothold.

4. Social Engineering

This lecture shows you how to set up a watering hole attack, create a phishing site, and get people to visit your attack through spear phishing.

5. Post Exploitation with Beacon

This lecture dives into Cobalt Strike's Beacon. Learn how to manage Beacon's data channels, get an overview of its commands, and use Beacon to pivot into a network.

6. Post Exploitation with Meterpreter

This video digs into interactive post-exploitation with Meterpreter. You will learn how to use Meterpreter, pivot through the target's browser, escalate privileges, pivot, and use external tools through a pivot.

7. Lateral Movement

This installment covers lateral movement. You'll learn how to enumerate hosts and systems with built-in Windows commands, steal tokens, interrogate hosts to steal data, and use just Windows commands to compromise a fully-patched system by abusing trust relationships.

8. Offense in Depth

This segment revisits the process to get a foothold with a map of the defenses you'll encounter. You'll learn how to avoid or get past defenses that prevent message delivery, prevent code execution, and detect or stop command and control.

9. Operations

This last chapter covers operations. Learn how to collaborate during a red team engagement, manage multiple team servers from one client, and load scripts to augment Cobalt Strike.