- May 4, 2019
- 801
The source code for the widely-used Cobalt Strike post-exploitation toolkit has allegedly been leaked online in a GitHub repository.
Cobalt Strike is a legitimate penetration testing toolkit that allows attackers to deploy "beacons" on compromised devices to remotely "create shells, execute PowerShell scripts, perform privilege escalation, or spawn a new session to create a listener on the victim system."
Cobalt Strike is an immensely popular tool among threat actors who use cracked versions to gain persistent remote access to a compromised network. This tool is commonly seen used during ransomware attacks.
Alleged source code of Cobalt Strike toolkit shared online
The source code for the widely-used Cobalt Strike post-exploitation toolkit has allegedly been leaked online in a GitHub repository.
www.bleepingcomputer.com