We will be making a small change to the Cobalt Strike infrastructure next week. This will not result in any downtime but will affect updates using old copies of the update application.

TLS Certificate Update

verify.cobaltstrike.com hosts a text file with SHA256 hashes for the licensed Cobalt Strike product and distribution packages for Windows, Linux and MacOS. The update application queries this server during the update process. One of the validation checks performed during an update is to check that the TLS certificate hashes pinned by the update application match the certificate on that server, as well as the one on download.cobaltstrike.com. If the values are not what the update application expects, it will warn you that the server cannot be trusted. This is by design, and is to ensure that you are getting the update from Fortra.

We will be updating the TLS certificates used by our infrastructure on Wednesday January 24th. You will need to download and extract the distribution package for your platform to get the latest version of the update program (20240112) in order to run warning-free updates after that date.