Cobalt Strike

============================================================================= Cobalt Strike v4.0 - Advanced Threat Tactics Software ============================================================================= *** https://www.cobaltstrike.com *** 1. What is Cobalt Strike? ---------------------- Cobalt Strike is software for Adversary Simulations and Red Team Operations. Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network. While penetration tests focus on unpatched vulnerabilities and misconfigurations, these assessments benefit security operations and incident response. Cobalt Strike gives you a post-exploitation agent and covert channels to emulate a quiet long-term embedded actor in your customer's network. Malleable C2 lets you change your network indicators to look like different malware each time. These tools complement Cobalt Strike's solid social engineering process, its robust collaboration capability, and unique reports designed to aid blue team training. 2. Documentation ------------- Documentation for Cobalt Strike is located on the Cobalt Strike website at: https://www.cobaltstrike.com. Read the FAQ and the Manual for information on how to use Cobalt Strike. Watching the free online training is highly encouraged as well. 3. Install and Update ------------------ This package contains the launcher and supporting files to use the Cobalt Strike product. Run the 'update' program to download the latest version of the Cobalt Strike product. This step will also generate an authorization file that allows Cobalt Strike to run. Further information for each operating system is available at: https://www.cobaltstrike.com/support 4. Legal ----- Cobalt Strike (c) 2012-2020 Strategic Cyber LLC Cobalt Strike is proprietary software. You must purchase a license to use it or use it for the granted trial period only. Use of Cobalt Strike constitutes acceptance of the End User License Agreement at: https://www.cobaltstrike.com/license 5. Support ------- Email [email protected] for help with this product. 6. Credits for third-party components ------- Cobalt Strike makes use of code and/or content from the following sources: Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) - (c) 2017 The MITRE Corporation. (This work is reproduced and distributed with the permission of The MITRE Corporation.) https://attack.mitre.org/ Apache FOP - (c) 1999-2010 The Apache Software Foundation (Apache 2.0 License) http://xmlgraphics.apache.org/fop/ Apache JAMES Mime4j - (c) 2004-2010 The Apache Software Foundation (Apache 2.0 License) http://james.apache.org/mime4j/ Draggable Tabbed Pane - (c) Tom Martin (Creative Commons 3.0 Share-Alike [Attribution Required] License) http://stackoverflow.com/questions/60269/how-to-implement-draggable-tab-using-java-swing ipcalf - (c) 2012-2014 Nathan Vander Wilt (MIT License) https://github.com/natevw/ipcalf ISO C9x compliant stdint.h for Microsoft Visual Studio - (c) 2006-2013 Alexander Chemeris (BSD License) https://github.com/chemeris/msinttypes/blob/master/stdint.h JGraphX - (c) JGraph Ltd 2006-2012 (BSD License) http://www.jgraphx.com/ jQuery - (c) The jQuery Foundation 2012 (MIT License) http://www.jquery.com/ Jsign 1.3 - (c) Emmanuel Bourg (Apache 2.0 License) http://ebourg.github.com/jsign libssh2 - SSH2 library - (c) Sara Golemon et al. (BSD License) https://github.com/libssh2/libssh2 LibTomCrypt - developed by Tom St Denis (Public Domain/WTFPL) http://libtom.org/?page=index&newsitems=5&whatfile=crypt Metasploit Framework - (c) Rapid7 Inc. 2012 (BSD License) http://www.metasploit.com/ mbed TLS 2.14.1 - (c) 2018 ARM Limited (Apache 2.0 License) https://tls.mbed.org/ Mimikatz 2.2 - (c) Benjamin 'gentilkiwi' Delpy (Creative Commons Attribution 4.0) License: http://creativecommons.org/licenses/by/4.0/ http://blog.gentilkiwi.com/ Mono Icon Set - (c) Gentleface Inc. (Royalty Free License to Strategic Cyber LLC) http://www.gentleface.com/free_icon_set.html msfgui - (c) Matt Weeks 2010-2012 (BSD License) http://www.metasploit.com/ NanoHTTPD - (c) 2001,2005-2012 J. Elonen and (c) 2010 K. Togias (Modified BSD License) http://elonen.iki.fi/code/nanohttpd/ PowerShell Native API Functions - (c) 2012, Matt Graeber (BSD License) http://www.exploit-monday.com/2012/05/accessing-native-windows-api-in.html Reflective DLL Injection - (c) 2011, Stephen Fewer of Harmony Security (BSD License) https://github.com/stephenfewer/ReflectiveDLLInjection Synthetica Look and Feel - (c) Jyloo Software (Commercial License to Strategic Cyber LLC) http://www.jyloo.com/synthetica/ tango-icon-theme-package - Tango Desktop Project (Public Domain) http://tango.freedesktop.org/ TightVNC Java Viewer - (c) GlavSoft LLC (Commercial License to Strategic Cyber LLC) http://www.tightvnc.com/ UACME - (c) UACME Project, hFiref0x (BSD License) https://github.com/hfiref0x/UACME/ Unmanaged PowerShell - (c) 2015, Lee Christensen (BSD License) https://github.com/leechristensen/UnmanagedPowerShell user-agent-utils 1.13 - (c) 2008, Harald Walker (BSD License) https://github.com/HaraldWalker/user-agent-utils WinPcap - (c) 2005-2010 CACE Technologies (BSD License) http://www.winpcap.org/ XMLmind XSL-FO Converter - (c) 2002-2012 Pixware SARL (Developer License to Strategic Cyber LLC) http://www.xmlmind.com/foconverter/ Cobalt Strike distributes the following third-party programs for deployment as needed: TightVNC 1.3.10 - (c) 2000-2009 TightVNC Group and others (GPLv2 License) https://github.com/rsmudge/vncdll 7. Licenses for third-party components -------- Cobalt Strike is a commercial work developed at private expense. The end user license agreement for the Cobalt Strike package is described in part 4 of this readme file. Below are copies of the licenses assigned to the various components used by Cobalt Strike. BSD License ----------- Copyright (c) <YEAR>, <OWNER> All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. Neither the name of the <ORGANIZATION> nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Modified BSD License -------------------- Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistribu