Cobalt Strike 🤡 Code leaked out

Source code allegedly belonging to commercial penetration testing software Cobalt Strike has been published on GitHub, potentially providing a new path for hackers to attack companies.

Cobalt Strike, which pitches itself as a legitimate pen testing solution, has been controversial for years thanks to its use by hacking groups, though they had to pay $3,500 per year for a license to use the software or use a pirated copy. The alleged code could potentially allow more hackers to use the software for nefarious purposes or develop new versions of the product.

The code appears to be the Java code from the software that has been manually decompiled and then edited to fix any dependencies and remove the license check so it could be compiled.

The code is said to have appeared on GitHub 12 days ago and has already been forked 172 times. The timing may be relevant, since a major attack involving Cobalt Strike and targeting Microsoft Teams was reported Nov. 10. Another attack involving Cobalt Strike, which took advantage of unpatched Oracle WebLogic servers, was reported Nov. 5.

While the allegations that the Cobalt Strike source code was posted to GitHub are unconfirmed, it certainly appears to at least be derivative of Cobalt Strike’s product. The actual risk lies in the tool becoming more powerful and in newly discovered vulnerabilities. Patch as quickly as possible if exploits are discovered.
