TLDR:
- Cobalt Strike’s roadmap and developmental processes continue to advance, building upon established foundations and now driven by offensive researchers more than ever.
- William Burgess is now the technical lead for Cobalt Strike. With the addition of two more talented offensive researchers (Austin Hudson and Steve Salinas), Fortra is demonstrating its continued investment into Cobalt Strike.
- Pieter Ceelen, who was fulfilling the role of product owner of Outflank Security Tooling (OST) in Fortra’s Outflank team, will also take the product owner role for Cobalt Strike. This move will strengthen collaboration between the Outflank and Cobalt Strike R&D teams.
- The change of product ownership does not affect the Cobalt Strike roadmap. Cobalt Strike and OST have their own trajectories, with Cobalt Strike following its own course to remain the industry standard threat emulation framework.
Cobalt Strike Staffing Changes
Recently there have been some internal changes within the Cobalt Strike team.
Greg Darwin has switched to a new position within Fortra. Greg has been the face of Cobalt Strike within the community for a number of years, and we thank Greg for all the work and effort he put into Cobalt Strike. It was a pleasure to work with you!
William Burgess (@joehowwolf), who has been a principal researcher for Cobalt Strike since early 2023, has taken on the role of technical lead. Pieter Ceelen (@ptrpieter) is the new product owner. Pieter is a seasoned red teamer and security researcher and in the last two years has grown into the role of product owner for Outflank Security Tooling (OST).
As product owner, Pieter will not be too deeply involved in the day-to-day work on Cobalt Strike but will contribute to the overall roadmap, prioritization of features, collecting community feedback, and other tasks focused on strategic oversight.
As Pieter will be fulfilling this role for both the Cobalt Strike and Outflank teams, this will increase cross-pollination between the two teams. Cobalt Strike and OST both have their own trajectory forward, but opportunities for increased collaboration and interoperability between the Cobalt Strike and OST teams will strengthen both products.
Lastly, the Cobalt Strike team has grown and changed. Recently, two new offensive researchers have joined: Austin Hudson (@ilove2pwn_) and Steve Salinas (@0xtriboulet), demonstrating Fortra’s continued investment into Cobalt Strike. With these recent additions we have a group of world-class researchers that will further drive CS development. Our aim is to continue driving the security industry forward and keep enabling advanced attack emulation using our product. It is not easy to follow in Raphael’s footsteps. With these changes we have a group of world-class researchers that will further steer Cobalt Strike’s development, driving the security industry forward and ensuring that Cobalt Strike is the most advanced threat emulation framework in the industry.
What’s Next for Cobalt Strike
In the upcoming 4.11 release and beyond, we intend to keep on the path of our research-led roadmap. Planned directions include:
- Improvements in evasion: Out-of-the-box options as well as adding further features for adjusting Beacon based on operator preferences.
- Continue working on ease of use: With the growing configuration options, we keep working on simplifying the usage of Cobalt Strike, from both the red team operator and red team malware developer viewpoints.
- Enabling novel tradecraft: Continue including new capabilities in Cobalt Strike, thus allowing our users to apply the latest TTPs.
Cherishing Our Community
Cobalt Strike has always embraced its community, and we want to keep being actively involved with our customer base. We are introducing a couple of small changes to better show how Cobalt Strike appreciates its community and communication:
- Besides X, there are other places where customers hang out, through Slack, Discord, and other means. Previously, Greg Darwin was the main point of contact within these various communities. This responsibility will now be shared by the Cobalt Strike team. They will routinely keep an eye on the BloodHound Slack Aggressor channel, Red Siege Discord channel, and Zero Point Discord channel to provide feedback and participate in discussions. Official support is available through the CS manual, our blog, and [email protected].
- With the growth of our team, we plan to have Cobalt Strike researchers and developers present more often at major security conferences to engage with our customers and collect feedback.
- We’re creating a Cobalt Strike Community Award! Numerous users are contributing to the Cobalt Strike ecosystem, ranging from sharing custom loaders, BOFs, or smaller CNA scripts. With the Cobalt Strike Community Kit, we are able to curate and highlight these extensions.
  To put some additional shine on these contributions, we are introducing a Cobalt Strike Community Award. The specifics are still being worked out, but we will provide a detailed update in the coming months.
- For updates on our conference attendance, the Community Award, and other news, follow our official X handle: @_cobaltstrike.
With any change, there are understandable nerves. While I hope this blog provides some reassurance about our ongoing dedication to Cobalt Strike, the best way to demonstrate our commitment is through action. We look forward to showcasing our efforts.