Cobalt Strike is a well-established Command & Control (C2) framework, designed to provide an operator with as much flexibility as possible. Users are not constrained by default behaviors built into the software; they are able to make modifications and incorporate their own tools and techniques.
The software is maintained by a very experienced team of skilled software engineers. The core tenets of the development philosophy are to keep the product stable and continue to open up the internals of the product to allow operators to use the software in a way which suits their needs.
Cobalt Strike’s creator, Raphael Mudge, created the Artifact and Resource Kits to allow a red team operator to change Cobalt Strike’s default behaviors. This is something that we continue to support via the Arsenal Kit. Operators can leverage tools such as the Sleep Mask Kit and User Defined Reflective Loader to change how the software operates. The Cobalt Strike development team maintains those tools (for example, the evasive updates to the Sleep Mask Kit in the 4.8 release) and will continue to add news ones.
The Cobalt Strike Community Kit is a curated set of tools written by the Cobalt Strike user community. These tools are used by our user community in their engagements and cover a wide range of use cases, from Aggressor Scripts that add features to the client UI, to Beacon Object Files (BOFs) that perform a wide range of tasks.
Malleable C2 was created by Raphael Mudge as a way for red team operators to change Beacon’s HTTP indicators. This is commonly used to either help Beacon’s traffic blend in on-target, or emulate an APT.