HelpSystems produces Cobalt Strike, a software platform for Adversary Simulations and Red Team Operations. Adversary Simulations and Red Team Operations are security assessments that replicate the tactics and techniques of an advanced adversary in a network. While penetration tests focus on unpatched vulnerabilities and misconfigurations, these assessments benefit security operations and incident response.
Close the gap between penetration testing tools and advanced threat malware.
Relevant and credible adversary simulations that:
HelpSystems is committed to execute its mission and achieve its vision in a lawful, professionally responsible, and ethical way.
HelpSystems uses the following tools to meet this commitment:
Functionally, Cobalt Strike aspires to differ little from the advanced threat malware it emulates. As Cobalt Strike makes progress on its defined mission, the dual-use potential of the product becomes a greater challenge. HelpSystems's goals are to ensure Cobalt Strike is a force for good that empowers security professionals.
Towards those ends, HelpSystems has processes and technology measures to:
The Export Compliance Statement documents some of these measures. In addition, HelpSystems degrades the trial product's ability to evade defenses and adds a customer identifier to files generated by the licensed product.
HelpSystems's Cobalt Strike product is controlled by U.S. export control regulations and the company is committed to compliance with all U.S. laws, to include the U.S. Department of Commerce Export Administration Regulations and the regulations administered by the Department of Treasury Office of Financial Assets Control.
The Department of Commerce issued a Commodity Classification determination to Strategic Cyber LLC (which was subsequently acquired by HelpSystems) classifying Cobalt Strike under Export Control Classification Number 5D002.c.1. This classification dictates the circumstances, countries, and types of end-users to which HelpSystems may export Cobalt Strike. HelpSystems only makes export sales and trial fulfillments that comply with these restrictions. HelpSystems reports all export sales and trial fulfillments of Cobalt Strike to the U.S. government.
HelpSystems maintains a comprehensive export control compliance program to comply with U.S. export control regulations. This program also prevents fraud, denies adversary access to Cobalt Strike, and preserves the trust of HelpSystems's customers.
As part of its export compliance program, HelpSystems:
HelpSystems is committed to cooperating with U.S. government law enforcement agencies and complying with valid legal process.
As a general matter, non-public information about our customers will not be disclosed in response to a request from a third party except when we receive a subpoena, court order, or other valid legal process.
HelpSystems's legal counsel carefully examines each records request to ensure compliance with the law, including the Stored Communications Act. If we believe a request is overbroad, we may negotiate to narrow it or ask the issuing party to seek an adequate form of legal process to obtain the requested information.
HelpSystems respects the intellectual property rights of others and aims to comply with all applicable U.S. laws regarding intellectual property.
A list of third-party components (both open source and commercial) incorporated into Cobalt Strike is available in the product's readme.txt file. This file also documents the license of each component and its source. HelpSystems complies with these licenses and keeps this information up to date.