Alleged source code of Cobalt Strike toolkit shared online

Correlate

May 4, 2019
The source code for the widely-used Cobalt Strike post-exploitation toolkit has allegedly been leaked online in a GitHub repository.

Cobalt Strike is a legitimate penetration testing toolkit that allows attackers to deploy "beacons" on compromised devices to remotely "create shells, execute PowerShell scripts, perform privilege escalation, or spawn a new session to create a listener on the victim system."

Cobalt Strike is an immensely popular tool among threat actors who use cracked versions to gain persistent remote access to a compromised network. This tool is commonly seen used during ransomware attacks.