Cobalt Strike is a commercial adversary simulation software that is marketed to red teams but is also stolen and actively used by a wide range of cybercriminals for malicious purposes. It is a comprehensive and powerful tool that includes a range of attack capabilities, such as spear-phishing, unauthorized access to systems, and the ability to emulate a variety of malware and other advanced threat tactics. Cobalt Strike is a collection of multiple software tools rolled into a single JAR file, which includes a command and control (C2) framework that allows an attacker to remotely control and monitor attacks and generate detailed reports on their activities. The C2 application itself has two primary components: the team server and the client, which are both contained in the same Java executable (JAR file) . The team server is the C2 server portion of Cobalt Strike, which can accept client connections, BEACON callbacks, and general web requests. Cobalt Strike is a legitimate tool used by ethical hackers, which carries a price tag of $3,500 per user, but it is also widely used by threat actors to launch real attacks against organizations.