D9 · PenTest+

What is Cobalt Strike?

Cobalt Strike is a commercial penetration testing framework featuring the Beacon C2 agent. It is widely used by red teams and, unfortunately, also by APT groups. It provides lateral movement, persistence, and data exfiltration capabilities.
Cobalt Strike is legitimate red team software, but it is frequently cracked and used by real attackers. Blue teams hunt for Cobalt Strike beacons via network signatures (default watermark, malleable C2 profiles). Detecting Cobalt Strike is a key blue team skill.