Alleged source code belonging to commercial penetration testing software Cobalt Strike has been published on GitHub, potentially providing a new path for hackers to attack companies.
Penetration testing, usually abbreviated as pen testing, has legitimate uses as a way to test security, but the same tools can also be used by bad actors to attack a company. Ethical pen testing involves simulated attacks on a computer system to evaluate the security of that system. In the hands of hackers, the same pen testing software can be used to identify security issues that can be exploited.
Cobalt Strike, which pitches itself as a legitimate pen testing solution, has been controversial for years due to its use by hacking groups, whether they paid $3,500 per year for a license to use the software or used a pirated copy. Malpedia has a page dedicated to Cobalt Strike, noting that it