Cobalt Strike broken by Java 1.8u131 Startup Bug

Cobalt Strike (Adversary Simulation and Red Team Operations Software) has been impacted by a known bug in Java 1.8u131. The Java update creates a change that breaks the -XX:+AggressiveHeap cmd line option that Cobalt Strike utilises. This is affecting other applications that use this cmd line option.

One workaround for this on Linux systems is to update teamserver and cobaltstrike scripts to include the -XX:ParallelGCThreads=8 option after the Java command or, even better, don’t upgrade to Java 1.8u131 yet and downgrade to Java 1.8u121 if you have already upgraded.

You can read more about this issue on the Cobalt Strike blog