Cobalt Strike

Software for Adversary Simulations and Red Team Operations


Cobalt Strike is a powerful threat emulation tool that provides a post-exploitation agent and covert channels ideal for Adversary Simulations and Red Team exercises. With Cobalt Strike, companies can emulate the tactics and techniques of a quiet long-term embedded threat actor in an IT network. Malleable C2 lets you change your network indicators to look like different malware each time. These tools complement Cobalt Strike's solid social engineering process, its robust collaboration capability, and unique reports designed to aid blue team training.



Key Features

Post Exploitation

post exploitation

Beacon, Cobalt Strike's post-exploitation payload, executes PowerShell scripts, logs keystrokes, takes screenshots, downloads files, and spawns other payloads.

Straightforward Pricing


New Cobalt Strike licenses cost $3,500 per user for a one year license. Cobalt Strike can also be bundled with our penetration testing solution, Core Impact, for a reduced price. For more information, check out our pricing page.

A Framework Built for Flexibility

keystroke logging

Tailored Scripts

Users can modify built-in scripts or write their own using Cobalt Strike’s scripting language, Aggressor Script. New scripts are easily uploaded and managed in the Script Console, where you can trace, profile, debug, and further interact with scripts.


Adjustable Attack Kits

Kits downloaded from the Cobalt Strike arsenal can be altered to suit the needs of each engagement. For example, script templates from the Resource Kit, which is used in workflows, can be redefined. Additionally, users can create their own Beacon Object File (BOF) to expand the Beacon agent with post-exploitation features.


Interoperability with Core Impact

Organizations with both Core Impact and Cobalt Strike can take advantage of session passing and tunneling capabilities between these two tools. Beacon can be deployed from within Core Impact and users can spawn a Core Impact agent from within Cobalt Strike.

adversary simulation

Community Kit

Users are encouraged to extend Cobalt Strike’s capabilities by creating their own tools. The Community Kit serves as a central repository for projects from the user community so fellow security professionals may also benefit from these extensions.

A Brief History of Cobalt Strike


Raphael Mudge created Cobalt Strike in 2012 to enable threat-representative security tests. Cobalt Strike was one of the first public red team command and control frameworks. In 2020, HelpSystems acquired Cobalt Strike to add to its Core Security portfolio. Today, Cobalt Strike is the go-to red team platform for many U.S. government, large business, and consulting organizations.

Learn more at

Want to see what Cobalt Strike can do for your organization?