External C2 (Third-party Command and Control)

Cobalt Strike’s External Command and Control (External C2) interface allows third-party programs to act as a communication layer between Cobalt Strike and its Beacon payload.

A beta of this feature and specification has existed since Cobalt Strike 3.6 (it's implemented in your copy of Cobalt Strike). The specification is not considered final and supported yet. This feature is still under development and consideration.

If you'd like to try it out now, please consult the External C2 specification.

A few "business" matters

If you'd like to adapt the example (Appendix B) in the specification into a third-party C2, you may assume a 3-clause BSD license for the code contained within the specification.

If you'd like to refer to the External C2 spec, please link to this page instead. As the documentation and resources evolve, this page will have the latest information.

Third-party Materials

Here's a list of third-party projects and posts that reference, use, or build on External C2: