We will be introducing a small change to the Cobalt Strike download and authentication workflow on Monday May 18th, 2026. This change is not expected to impact normal, interactive downloading of the Cobalt Strike software via a web browser, but may affect certain automated processes that rely on direct, programmatic retrieval of the Cobalt Strike installer.
Additional Verification for Download and Authentication Endpoints
To improve the resilience and reliability of our distribution infrastructure, we are adding Cloudflare Turnstile as an additional verification step to the following endpoints:
- Cobalt Strike download
- Arsenal Kit download
- Auth file generator
This verification mechanism is designed to help distinguish between typical interactive user activity and brute force attacks.
We understand that some customers rely on automation for internal workflows. While interactive access through a browser will continue to function as expected, workflows that depend on fully automated retrieval of these resources may require adjustment. For customers that rely on automated provisioning it is recommended to download the Distribution Package interactively and host it yourself.
The Cobalt Strike Update Program will continue to work as usual.
