Core Security Cobalt Strike

Cobalt Strike is a threat emulation platform used for adversary simulations and red team exercises. It provides a post-exploitation agent called Beacon and covert communication channels to model the behavior of advanced threat actors within IT networks. **Beacon (Post-Exploitation Agent)** Beacon is the core payload of Cobalt Strike. It can be embedded into executables, documents, or delivered via client-side exploits to gain an initial foothold. Once deployed, it supports reconnaissance, arbitrary command execution, and additional payload deployment. **Command and Control (C2)** Cobalt Strike's C2 framework is built to be operator-customizable. Malleable C2 profiles allow operators to alter network indicators to either mask Beacon traffic or simulate real-world advanced persistent threats (APTs). Network egress is supported over HTTP, HTTPS, and DNS. Peer-to-peer Beacon connections can be established via TCP or SMB named pipes. **Arsenal Kit** A collection of customizable offensive tools including the Sleep Mask Kit and User Defined Reflective Loaders, enabling operators to tailor how the software behaves during engagements. **Reporting and Logging** Cobalt Strike generates multiple report types including Activity, Hosts, Indicators of Compromise, Sessions, Social Engineering, and Tactics/Techniques/Procedures (TTPs). **Community and Extensibility** Users can extend Cobalt Strike via the Community Kit, a repository of tools published by the user community. The platform also supports integration with other offensive security tools via session passing and tunneling.