12 November 2020

Alleged source code of Cobalt Strike leaked online



Decompiled source code allegedly belonging to the Cobalt Strike penetration testing software has been shared online in a GitHub repository.

Cobalt Strike is a legitimate pen testing toolkit that has been a subject of controversy for years, mainly because of its use by malicious actors who utilize pirated copies of the solution to gain persistent remote access to compromised networks. The most recent examples include a campaign detected by Microsoft involving Cobalt Strike and targeting Microsoft Teams, and attacks targeting unpatched Oracle WebLogic servers aiming to deploy Cobalt Strike.

As per Bleeping Computer, nearly two weeks ago a repository appeared on GitHub, which contains what looks like source code for Cobalt Strike 4.0. The analysis of the leaked source code revealed that it is related to Cobalt Strike 4.0 released on December 5, 2019.

The leaked code appears to be the Java code from the software that has been manually decompiled and then edited to fix any dependencies and remove the license check so it could be compiled. Since its emergence on GitHub, the repository has been forked 172 times.

“Even though it is not the original source code, it is enough to be of serious concern to security professionals,” Bleeping Computer notes.
