Cobalt Strike

Software for Adversary Simulations and Red Team Operations

WATCH A DEMO REQUEST PRICING

Cobalt Strike is a powerful threat emulation tool that provides a post-exploitation agent and covert channels ideal for Adversary Simulations and Red Team exercises. With Cobalt Strike, companies can emulate the tactics and techniques of a quiet long-term embedded threat actor in an IT network. Malleable C2 lets you change your network indicators to look like different malware each time. These tools complement Cobalt Strike's solid social engineering process, its robust collaboration capability, and unique reports designed to aid blue team training.

Pivoting with Cobalt Strike

Key Features

View the datasheet >

Beacon, Cobalt Strike's post-exploitation payload, models the behavior of advanced attackers during adversary simulations and red team engagements. Beacon can gain an initial foothold by being embedded into an executable, added to a document, delivered as a client-side exploit, and more. From there, Beacon can be perform reconnaissance, execute arbitrary commands, deploy additional payloads, and more.

Cobalt Strike’s Command and Control (C2) framework is designed to be easily modified to meet the needs of the operator. Users can incorporate their own personalized tools and techniques or can browse the Community Kit to utilize tools published by others in the Cobalt Strike user community.

Cobalt Strike has a robust user community that is active on multiple platforms and can regularly be found engaging with one another on Slack in the #aggressor channel within the Bloodhound Gang Slack workspace or the Cobalt Strike area in the Red Siege Discord. The Cobalt Strike R&D team maintains a presence on these platforms and also readily listens to and incorporates customer requests, ensuring that the user community helps shape the product roadmap.

Beacon provides several communication channels to reduce the risk of being identified. Malleable C2 profiles can be created to change network indicators to either mask Beacon activity or simulate real-world ATPs. Networks can be egressed using HTTP, HTTPS, and DNS. Peer-to-peer Beacon connections can be established via TCP, or via named pipes using SMB.

The Cobalt Strike Arsenal Kit is a collection of customizable tools that enable users to better simulate real-world adversary tactics and techniques. Operators can leverage tools such as the Sleep Mask Kit and User Defined Reflective Loaders to change how the software operates, tailoring it to suit each engagement.

Cobalt Strike has multiple reporting options for data synthesis and further analysis. Report types include:

  • Activity
  • Hosts
  • Indicators of Compromise
  • Sessions
  • Social Engineering
  • Tactics, Techniques, Procedures

Interoperable Products

While Cobalt Strike excels when operating independently, its features can be further enhanced by working in tandem with other tools. The following tools can be used together throughout engagements using features like session passing and tunneling capabilities.
Core Impact

Core Impact centralizes the pen testing process, enabling efficient exploitation of vulnerabilities and allowing advanced testers to focus on more difficult tasks by automating routine tests.

Outflank Security Tooling (OST)
OST is an advanced offensive security toolset that focuses on evading defensive measures and detection tools and enables red teamers to safely perform complex tasks throughout an engagement.

Cobalt Strike Pricing

New Cobalt Strike licenses cost as low as $3,540*, per user for a one-year license.

If you’re interested in more details on cost check out the full pricing page. 

* bundle pricing

REQUEST PRICING

Featured Product Bundles

Cobalt Strike can be bundled with other offensive security products and purchased at a discounted cost.
COBALT STRIKE & CORE IMPACT

Advanced Bundle

Run both advanced pen tests and post-exploitation scenarios and take advantage of interopability features.

Cobalt Strike & Outflank Security Tooling

Red Team Bundle

Run sophisticated attack simulations designed to bypass defensive measures and detection tools with ease.

Cobalt Strike, Core Impact, & Outflank Security Tooling

Advanced Red Team Bundle

Rapidly mature and centralize your security assessments with complementary, interopable tools.

BROWSE ALL PRODUCT BUNDLES

Want to see what Cobalt Strike can do for your organization?

REQUEST A QUOTE