Decompiled source code allegedly belonging to the Cobalt Strike penetration testing software has been shared online in a GitHub repository.
Cobalt Strike is a legitimate pen testing toolkit that has been a subject of controversy for years, mainly because of its use by malicious actors who utilize pirated copies of the solution to gain persistent remote access to compromised networks. The most recent examples include a campaign detected by Microsoft involving Cobalt Strike and targeting Microsoft Teams, and attacks targeting unpatched Oracle WebLogic servers aiming to deploy Cobalt Strike.
As per Bleeping Computer, nearly two weeks ago a repository appeared on GitHub containing what looks like source code for Cobalt Strike 4.0. Analysis of the leaked source code revealed that it corresponds to Cobalt Strike 4.0, released on December 5, 2019.
The leaked code appears to be the software's Java code, manually decompiled and then edited to fix any dependencies and remove the license check so that it could be compiled. Since its appearance on GitHub, the repository has been forked 172 times.
“Even though it is not the original source code, it is enough to be of serious concern to security professionals,” Bleeping Computer notes.