Cobalt Strike

Software for Adversary Simulations and Red Team Operations

Cobalt Strike is a powerful threat emulation tool that provides a post-exploitation agent and covert channels ideal for Adversary Simulations and Red Team exercises. With Cobalt Strike, companies can emulate the tactics and techniques of a quiet long-term embedded threat actor in an IT network. Malleable C2 lets you change your network indicators to look like different malware each time. These tools complement Cobalt Strike's solid social engineering process, its robust collaboration capability, and unique reports designed to aid blue team training.

Pivoting with Cobalt Strike

Key Features

Beacon, Cobalt Strike's post-exploitation payload, models the behavior of advanced attackers during adversary simulations and red team engagements. Beacon can gain an initial foothold by being embedded into an executable, added to a document, delivered as a client-side exploit, and more. From there, Beacon can be perform reconnaissance, execute arbitrary commands, deploy additional payloads, and more.

Cobalt Strike’s Command and Control (C2) framework is designed to be easily modified to meet the needs of the operator. Users can incorporate their own personalized tools and techniques or can browse the Community Kit to utilize tools published by others in the Cobalt Strike user community.

Cobalt Strike has a robust user community that is active on multiple platforms and can regularly be found engaging with one another on Slack in the #aggressor channel within the Bloodhound Gang Slack workspace or the Cobalt Strike area in the Red Siege Discord. The Cobalt Strike R&D team maintains a presence on these platforms and also readily listens to and incorporates customer requests, ensuring that the user community helps shape the product roadmap.

Beacon provides several communication channels to reduce the risk of being identified. Malleable C2 profiles can be created to change network indicators to either mask Beacon activity or simulate real-world ATPs. Networks can be egressed using HTTP, HTTPS, and DNS. Peer-to-peer Beacon connections can be established via TCP, or via named pipes using SMB.

The Cobalt Strike Arsenal Kit is a collection of customizable tools that enable users to better simulate real-world adversary tactics and techniques. Operators can leverage tools such as the Sleep Mask Kit and User Defined Reflective Loaders to change how the software operates, tailoring it to suit each engagement.

Cobalt Strike has multiple reporting options for data synthesis and further analysis. Report types include:

  • Activity
  • Hosts
  • Indicators of Compromise
  • Sessions
  • Social Engineering
  • Tactics, Techniques, Procedures

Interoperable Products

While Cobalt Strike excels when operating independently, its features can be further enhanced by working in tandem with other tools. The following tools can be used together throughout engagements using features like session passing and tunneling capabilities.
Core Impact
Outflank Security Tooling (OST)

Cobalt Strike Pricing

New Cobalt Strike licenses cost as low as $3,540*, per user for a one-year license.

If you’re interested in more details on cost check out the full pricing page. 

* bundle pricing

Featured Product Bundles

Cobalt Strike can be bundled with other offensive security products and purchased at a discounted cost.
Cobalt Strike & Outflank Security Tooling
Cobalt Strike, Core Impact, & Outflank Security Tooling

Want to see what Cobalt Strike can do for your organization?