Security news aggregator

Latest coverage for Cobalt Strike

Stay informed on Cobalt Strike-related threats. Get the latest news, analyses, and trends in information security with our focused coverage.

4 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Cobalt Strike is a commercial penetration testing tool designed to simulate advanced attacker behaviors, including command and control (C2) communication, lateral movement, and data exfiltration. Originally intended for red team exercises, it provides features such as customizable payloads, beacon implants, and post-exploitation modules that mimic real-world attack techniques.

Its dual-use nature means threat actors often repurpose Cobalt Strike for unauthorized intrusions, leveraging its stealthy C2 channels and modular capabilities to maintain persistence and evade detection. Security teams should monitor for Cobalt Strike indicators like unusual beacon traffic and employ endpoint detection strategies focused on its known payload behaviors to mitigate risks associated with its misuse.

Showing 4 most recent headlines Filtered view

Researchers have disclosed a new offensive framework called Manjusaka that they call a "Chinese sibling of Sliver and Cobalt Strike." "A fully functional version of the command-and-control (C2), written in GoLang with a User Interface in Simplified Chinese, is freely available and can generate new implants with custom configurations with ease, increasing the likelihood of wider adoption of this

A threat actor associated with the LockBit 3.0 ransomware-as-a-service (RaaS) operation has been observed abusing the Windows Defender command-line tool to decrypt and load Cobalt Strike payloads.  According to a report published by SentinelOne last week, the incident occurred after obtaining initial access via the Log4Shell vulnerability against an unpatched VMware Horizon Server