Awesome CobaltStrike / 0x01 Articles & Videos |
| Cobalt_Strike_wiki | 2,278 | almost 2 years ago | |
| Cobalt Strike Book | | | |
| CobaltStrike4.0笔记 | 398 | over 5 years ago | |
| CobaltStrike相关网络文章集合 | | | |
| Cobalt Strike 外部 C2 之原理篇 | | | |
| Cobalt Strike 桌面控制问题的解决(以及屏幕截图等后渗透工具) | | | |
| Cobalt Strike & MetaSploit 联动 | | | |
| Cobalt-Strike-CheatSheet | 989 | over 3 years ago | |
| Cobalt Strike MITRE TTPs | 1,280 | over 3 years ago | |
| Red Team Operations with Cobalt Strike (2019) | 19 | over 4 years ago | |
| Cobalt Strike: Overview | | | |
| CobaltStrike插件开发 | | | |
| Cobalt Strike 中文 Wiki | 172 | about 2 years ago | |
| IntelliJ-IDEA修改cobaltstrike | | | |
| CobaltStrike二次开发环境准备 | | | |
| Cobal Strike 自定义OneLiner | | | |
| 通过反射DLL注入来构建后渗透模块(第一课) | | | |
| Cobalt Strike Aggressor Script (第一课) | | | |
| Cobalt Strike Aggressor Script (第二课) | | | |
| Implementing Syscalls In The Cobaltstrike Artifact Kit | | | |
| Cobalt Strike 4.0 认证及修补过程 | | | |
| 使用ReflectiveDLLInjection武装你的CobaltStrike | | | |
| Bypass cobaltstrike beacon config scan | | | |
| Tailoring Cobalt Strike on Target | | | |
| COFFLOADER: BUILDING YOUR OWN IN MEMORY LOADER OR HOW TO RUN BOFS | | | |
| Yet Another Cobalt Strike Stager: GUID Edition | | | |
| Cobalt Strike4.3 破解日记 | | | |
| Cobalt Strike 进程创建与对应的 Syslog 日志分析 | | | |
| Behind the Mask: Spoofing Call Stacks Dynamically with Timers | | | |
| Cobalt Strike Spear Phish | | | |
| run CS in win -- teamserver.bat | | | |
| Remote NTLM relaying through CS -- related to CVE_2018_8581 | | | |
| Cobalt Strike Convet VPN | | | |
| 渗透神器CS3.14搭建使用及流量分析 | | | |
| CobaltStrike生成免杀shellcode | | | |
| CS-notes | | | --一系列CS的使用技巧笔记 |
| 使用 Cobalt Strike 对 Linux 主机进行后渗透 | | | |
| Cobalt Strike Listener with Proxy | | | |
| Cobalt Strike Convet VPN | | | |
| CS 4.0 SMB Beacon | | | |
| Cobalt Strike 浏览器跳板攻击 | | | |
| Cobalt Strike 中 Bypass UAC | | | |
| 一起探索Cobalt Strike的ExternalC2框架 | | | |
| 深入探索Cobalt Strike的ExternalC2框架 | | | |
| Cobalt Strike的特殊功能(external_C2)探究 | | | |
| A tale of .NET assemblies, cobalt strike size constraints, and reflection | | | |
| AppDomain.AssemblyResolve | | | |
| 从webshell建立代理上线不出网的内网机器 | | | |
| 在Cobalt Strike BOF中进行直接系统调用 | | | |
| Using Direct Syscalls in Cobalt Strike's Artifact Kit | | | |
| Cobalt Strike Staging and Extracting Configuration Information | | | |
| Create a proxy DLL with artifact kit | | | |
| Attackers are abusing MSBuild to evade defenses and implant Cobalt Strike beacons | | | |
| Lateral Movement with LiquidSnake | | | |
| CoffLoader from OtterHacker | | | |
| CobaltStrike证书修改躲避流量审查 | | | |
| CS 合法证书 + Powershell 上线 | | | |
| Cobalt Strike 团队服务器隐匿 | | | |
| 红队基础建设:隐藏你的C2 server | | | |
| Cobalt Strike HTTP C2 Redirectors with Apache mod_rewrite | | | |
| 深入研究cobalt strike malleable C2配置文件 | | | |
| A Brave New World: Malleable C2 | | | |
| How to Write Malleable C2 Profiles for Cobalt Strike | | | |
| Randomized Malleable C2 Profiles Made Easy | | | |
| 关于CobaltStrike的Stager被扫问题 | | | |
| Beacon Stager listener 去特征 | | | |
| 检测与隐藏Cobaltstrike服务器 | | | |
| 记一次cs bypass卡巴斯基内存查杀 | | | |
| cs bypass卡巴斯基内存查杀 2 | | | |
| Cobalt Strike – Bypassing C2 Network Detections | | | |
| Cobalt Strike特征隐藏 | | | |
| Cobalt Strike 反溯源之 CDN 篇 | | | |
| Unleashing The Unseen: Harnessing The Power Of Cobalt Strike Profiles For EDR Evasion | | | |
| blog | | | Volatility Plugin for Detecting Cobalt Strike Beacon. | |
| 逆向分析Cobalt Strike安装后门 | | | |
| 分析cobaltstrike c2 协议 | 67 | over 5 years ago | |
| tool | | | Small to decrypt a Cobalt Strike auth file |
| Cobalt Strike 的 ExternalC2 | | | |
| Detecting Cobalt Strike Default Modules via Named Pipe Analysis | | | |
| 浅析CobaltStrike Beacon Staging Server扫描 | | | |
| Striking Back at Retired Cobalt Strike: A look at a legacy vulnerability | | | |
| Analyzing Cobalt Strike for Fun and Profit | | | |
| Cobalt Strike Remote Threads detection | | | |
| The art and science of detecting Cobalt Strike | | | |
| A Multi-Method Approach to Identifying Rogue Cobalt Strike Servers | | | |
| How to detect Cobalt Strike activities in memory forensics | | | |
| Detecting Cobalt Strike by Fingerprinting Imageload Events | | | |
| The Anatomy of an APT Attack and CobaltStrike Beacon’s Encoded Configuration | | | |
| CobaltStrike - beacon.dll : Your No Ordinary MZ Header | | | |
| GitHub-hosted malware calculates Cobalt Strike payload from Imgur pic | | | |
| Detecting Cobalt Strike beacons in NetFlow data | | | |
| Volatility Plugin for Detecting Cobalt Strike Beacon | | | |
| Easily Identify Malicious Servers on the Internet with JARM | | | |
| Cobalt Strike Beacon Analysis | | | |
| Hancitor infection with Pony, Evil Pony, Ursnif, and Cobalt Strike | | | |
| Attackers Exploiting WebLogic Servers via CVE-2020-14882 to install Cobalt Strike | | | |
| Hiding in the Cloud: Cobalt Strike Beacon C2 using Amazon APIs | | | |
| Identifying Cobalt Strike team servers in the wild | | | |
| Multi-stage APT attack drops Cobalt Strike using Malleable C2 feature | | | |
| Operation Cobalt Kitty | | | |
| Detecting and Advancing In-Memory .NET Tradecraft | | | |
| Analysing Fileless Malware: Cobalt Strike Beacon | | | |
| IndigoDrop spreads via military-themed lures to deliver Cobalt Strike | | | |
| Cobalt Group Returns To Kazakhstan | | | |
| Striking Back at Retired Cobalt Strike: A look at a legacy vulnerability | | | |
| Azure Sentinel Quick-Deploy with Cyb3rWard0g’s Sentinel To-Go – Let’s Catch Cobalt Strike! | | | |
| Cobalt Strike stagers used by FIN6 | | | |
| Malleable C2 Profiles and You | | | |
| C2 Traffic patterns including Cobalt Strike | | | |
| Cobalt Strike DNS Direct Egress Not That Far Away | | | |
| Detecting Exposed Cobalt Strike DNS Redirectors | | | |
| Example of Cleartext Cobalt Strike Traffic | | | |
| Cobaltstrike-Beacons analyzed | | | |
| 通过DNS协议探测Cobalt Strike服务器 | | | |
| Detecting Cobalt Strike with memory signatures | | | |
| CobaltStrike通信中host字段的获取 | | | |
| 反击CobaltStrike(一) 以假乱真 | | | |
| 某 C2 鸡肋漏洞分析:你的 CS 安全吗? | | | |
| Cobalt Strike Beacon Analysis from a Live C2 | | | |
| Malleable Memory Indicators with Cobalt Strike's Beacon Payload | | | |
| STAR Webcast: Spooky RYUKy: The Return of UNC1878 | | | |
| Excel 4.0 Macros Analysis - Cobalt Strike Shellcode Injection | | | |
| Profiling And Detecting All Things SSL With JA3 | | | |
Awesome CobaltStrike / 0x02 C2 Profiles |
| Malleable-C2-Profiles | 1,494 | over 4 years ago | |
| Malleable-C2-Randomizer | 433 | about 3 years ago | |
| malleable-c2 | 1,631 | almost 2 years ago | |
| Malleable-C2-Profiles | 342 | over 2 years ago | |
| random_c2_profile | 631 | almost 3 years ago | |
| SourcePoint | 1,052 | over 1 year ago | |
| C2concealer | 1,024 | over 1 year ago | |
| MalleableC2-Profiles | 34 | about 5 years ago | |
| MalleableC2-Profiles | 771 | about 3 years ago | |
| pyMalleableC2 | 269 | about 1 year ago | |
| 1135-CobaltStrike-ToolKit | 149 | almost 2 years ago | |
| service_cobaltstrike | 39 | about 4 years ago | |
| CobaltNotion | 53 | over 3 years ago | |
| Burp2Malleable | 371 | over 2 years ago | |
| autoRebind | 19 | over 2 years ago | |
| goMalleable | 60 | over 1 year ago | |
| Malleable-CS-Profiles | 384 | over 1 year ago | |
Awesome CobaltStrike / 0x03 BOF |
| BOF_Collection | 593 | about 3 years ago | |
| cobaltstrike-bof-toolset | | | |
| Situational Awareness BOF | 1,296 | 11 months ago | |
| Blog | | | Its larger goal is providing a code example and workflow for others to begin making more BOF files |
| bof_helper | 222 | over 3 years ago | |
| BOF-DLL-Inject | 147 | about 5 years ago | |
| cobaltstrike_bofs | 159 | over 3 years ago | |
| BOF-RegSave | 188 | about 5 years ago | |
| CobaltStrike BOF | 342 | over 2 years ago | |
| BOFs | 554 | almost 3 years ago | |
| Remote Operations BOF | 892 | 11 months ago | |
| OperatorsKit | 551 | over 1 year ago | |
| bof | 607 | about 3 years ago | |
| Needle_Sift_BOF | 30 | about 4 years ago | |
| Quser-BOF | 83 | over 2 years ago | |
| BOF.NET | 682 | about 1 year ago | |
| beacon-object-file | | | |
| here | | | The format, described by Mudge , asks that the operator construct an COFF file using a mingw-w64 compiler or the msvc compiler that holds an symbol name indicating its entrypoint, and underlying function calls |
| InlineWhispers | 308 | almost 4 years ago | |
| WdToggle | 213 | over 2 years ago | |
| Situational Awareness BOF | 1,296 | 11 months ago | |
| MiniDumpWriteDump | 172 | over 4 years ago | |
| COFF Loader | 483 | 12 months ago | |
| Self_Deletion_BOF | 171 | about 4 years ago | |
| PE Import Enumerator BOF | 83 | about 4 years ago | |
| Visual-Studio-BOF-template | 285 | almost 4 years ago | |
| BOF-Builder | 26 | over 2 years ago | |
| ELFLoader | 253 | over 3 years ago | |
| Rust BOFs for Cobalt Strike | 254 | over 1 year ago | |
| CoffeeLdr | 276 | almost 2 years ago | |
| HalosGate Processlist Cobalt Strike BOF | 95 | over 2 years ago | |
| PPLFaultDumpBOF | 134 | over 2 years ago | |
| Winsocky | 99 | over 2 years ago | |
| bof-vs | 145 | about 1 year ago | |
| Defender Exclusions BOF | 241 | over 2 years ago | |
| ScreenShot-BOF | 39 | over 2 years ago | |
| BofRoast | 220 | over 3 years ago | |
| EnumCLR.c | | | |
| PPEnum | 111 | over 2 years ago | |
| secinject | 88 | almost 4 years ago | |
| FindObjects-BOF | 266 | over 2 years ago | |
| Inject-assembly | 485 | almost 4 years ago | |
| WhereAmiI | 160 | over 2 years ago | |
| GetWebDAVStatus | 123 | over 1 year ago | |
| ChromeKeyDump | 170 | almost 3 years ago | |
| Sleeper | 170 | almost 3 years ago | |
| LSASS | 101 | over 3 years ago | |
| getsystem | 101 | over 3 years ago | |
| Silent Lsass Dump | 158 | over 3 years ago | |
| unhook-bof | 54 | over 3 years ago | |
| Beacon Health Check Aggressor Script | 137 | about 4 years ago | |
| Registry BOF | | | |
| InlineExecute-Assembly | 617 | over 2 years ago | |
| CredBandit | 233 | over 4 years ago | |
| Inject AMSI Bypass | 377 | over 2 years ago | |
| Firewall_Enumerator_BOF | 100 | about 4 years ago | |
| Detect-Hooks | 148 | over 4 years ago | |
| unhook-bof | 263 | about 4 years ago | |
| whereami | 160 | over 2 years ago | |
| HOLLOW | 267 | over 2 years ago | |
| BOFs | 112 | about 4 years ago | |
| SCShell | 1,418 | over 2 years ago | |
| WinRMDLL | 140 | about 4 years ago | |
| LSASS Dumping With Foreign Handles | 98 | about 4 years ago | |
| PPLDump BOF | 136 | about 4 years ago | |
| PortBender | 682 | over 2 years ago | |
| BOF2Shellcode | 175 | almost 4 years ago | |
| DLL Hijack Search Order BOF | 141 | almost 4 years ago | |
| InlineWhispers2 | 178 | over 3 years ago | |
| NetUser | 417 | about 4 years ago | |
| BOF-Nim | 84 | over 3 years ago | |
| Invoke-Bof | 245 | almost 4 years ago | |
| Cobalt-Clip | | | |
| CoffLoader | 48 | almost 3 years ago | |
| COFFLoader2 | 206 | about 3 years ago | |
| Process Protection Level Enumerator BOF | 51 | about 4 years ago | |
| Toggle_Token_Privileges_BOF | 52 | over 1 year ago | |
| Cobalt Strike BOF - Inject ETW Bypass | 276 | about 4 years ago | |
| HandleKatz_BOF | | | |
| tgtdelegation | 167 | almost 4 years ago | |
| nanodump | 1,813 | about 1 year ago | |
| xPipe Cobalt Strike BOF (x64) | 75 | over 2 years ago | |
| AddUser-Bof | 70 | about 3 years ago | |
| ServiceMove-BOF | 284 | over 3 years ago | |
| Detect-Hooks | 97 | over 4 years ago | |
| MemReader BoF | 41 | almost 2 years ago | |
| Readfile BoF | 18 | over 3 years ago | |
| ChromiumKeyDump | 18 | over 3 years ago | |
| LdapSignCheck | 177 | about 1 year ago | |
| DelegationBOF | 138 | over 3 years ago | |
| RunOF | 141 | almost 3 years ago | |
| KillDefender_BOF | 62 | over 3 years ago | |
| TokenStripBOF | 32 | over 3 years ago | |
| BOF - RDPHijack | 297 | over 3 years ago | |
| Koh | 488 | over 3 years ago | |
| RDPHijack | 297 | over 3 years ago | |
| KDStab | 156 | over 2 years ago | |
| Token Vault BOF for Cobalt Strike | 137 | about 3 years ago | |
| ASRenum | 142 | over 1 year ago | |
| ThreadlessInject-BOF | 369 | almost 2 years ago | |
| Inline-Execute-PE | 648 | over 2 years ago | |
| BOFs | 52 | over 2 years ago | |
| DomainPasswordSpray | 43 | over 2 years ago | |
| BOF-CredUI | 18 | almost 3 years ago | |
| Cookie-Graber-BOF | 172 | over 1 year ago | |
| ScreenshotBOF | 346 | over 2 years ago | |
| ScreenshotBOFPlus | 175 | over 2 years ago | |
| Elevate-System-Trusted-BOF | 148 | over 2 years ago | |
| Hidden Desktop BOF | 1,171 | almost 2 years ago | |
| DropSpawn | 219 | over 2 years ago | |
| Nanorobeus | 284 | over 2 years ago | |
| SelfDel | 40 | over 2 years ago | |
| GetWeChatBOF | 17 | over 2 years ago | |
| ShadowRDP | 62 | over 1 year ago | |
| SharpHound4Cobalt | 47 | over 2 years ago | |
| CVE-2020-0796-BOF | 68 | about 5 years ago | |
| ZeroLogon-BOF | 157 | over 3 years ago | |
| kernel-mii | 29 | over 2 years ago | |
| PrivKit | 383 | over 1 year ago | |
| CVE-2023-36874 | 202 | about 2 years ago | |
| SPAWN | 440 | over 2 years ago | |
| PersistBOF | 269 | over 2 years ago | |
| ClipboardWindow-Inject | 65 | about 3 years ago | |
| SigFlip | 1,094 | about 2 years ago | |
| BokuLoader | 1,265 | almost 2 years ago | |
| AddDefenderExclusions | 32 | over 2 years ago | |
| BOFMask | 110 | over 2 years ago | |
| Trusted Path UAC Bypass | 119 | about 4 years ago | |
| EventViewerUAC_BOF | 129 | over 3 years ago | |
Awesome CobaltStrike / 0x04 Aggressor Script |
| BypassAV | 902 | over 5 years ago | |
| BypassAV | 902 | over 5 years ago | |
| scrun | 177 | over 6 years ago | |
| Useage | | | BypassAV ShellCode Loader (Cobaltstrike/Metasploit) |
| ShellCode_Loader | 413 | about 3 years ago | |
| beacon-c2-go | 38 | almost 6 years ago | |
| C--Shellcode | 20 | almost 6 years ago | |
| Useage | | | python ShellCode Loader (Cobaltstrike&Metasploit) |
| Doge-Loader | 279 | over 4 years ago | |
| CS-Loader | 820 | about 4 years ago | |
| CSSG | 639 | almost 2 years ago | |
| Alaris | 891 | over 1 year ago | |
| CarbonMonoxide | 24 | over 5 years ago | |
| bypassAV-1 | 17 | over 4 years ago | |
| ScareCrow | 2,752 | about 2 years ago | |
| Dent | 297 | about 2 years ago | |
| PEzor | 1,869 | over 1 year ago | |
| FuckThatPacker | 630 | over 3 years ago | |
| goShellCodeByPassVT | | | |
| HouQing | 125 | over 2 years ago | |
| DesertFox | 206 | almost 5 years ago | |
| DInjector | | | |
| GoBypass | | | |
| Bypass-script | 21 | over 3 years ago | |
| CobaltWhispers | 229 | almost 3 years ago | |
| AceLdr | 887 | over 1 year ago | |
| SharpTerminator | 341 | over 2 years ago | |
| UAC-SilentClean | 190 | over 4 years ago | |
| csload.net | 121 | over 4 years ago | |
| cs-rdll-example | 111 | over 5 years ago | |
| Titan | | | |
| GECC | | | |
| CobaltStrike beacon in rust | 180 | about 1 year ago | |
| red-team-scripts | 1,113 | 11 months ago | |
| Registry-Recon | 322 | over 3 years ago | |
| aggressor-powerview | 67 | over 7 years ago | |
| PowerView | 11,979 | about 5 years ago | All functions listed in the PowerView about page are included in this with all arguments for each function |
| PowerView3-Aggressor | 128 | over 7 years ago | |
| PowerView | 11,979 | about 5 years ago | PowerView Aggressor Script for CobaltStrike |
| AggressorScripts | 39 | about 6 years ago | |
| ServerScan | 1,567 | over 1 year ago | |
| TailorScan | 279 | almost 5 years ago | |
| AggressiveProxy | 141 | almost 5 years ago | |
| Spray-AD | 426 | over 3 years ago | |
| Ladon | 4,910 | 12 months ago | |
| Ladon for Cobalt Strike | 1,000 | over 3 years ago | |
| Recon-AD | 316 | about 6 years ago | |
| XSS-Fishing2-CS | 134 | over 5 years ago | |
| XSS-Phishing | 269 | over 4 years ago | |
| custom_payload_generator | 148 | almost 4 years ago | |
| CrossC2 | 2,311 | almost 2 years ago | |
| CrossC2 Kit | 212 | about 2 years ago | |
| Cobaltstrike-MS17-010 | 418 | over 6 years ago | |
| AES-PowerShellCode | 108 | almost 6 years ago | |
| SweetPotato_CS | 240 | over 5 years ago | |
| ElevateKit | 894 | over 5 years ago | |
| CVE-2018-4878 | 87 | over 7 years ago | |
| Aggressor-Scripts | 144 | over 7 years ago | |
| CVE_2020_0796_CNA | 79 | about 5 years ago | |
| ReflectiveDLLInjection | 2,778 | about 3 years ago | 基于 实现的本地提权漏洞 |
| DDEAutoCS | 63 | about 8 years ago | |
| geacon | 1,159 | about 5 years ago | |
| geacon_pro | | | |
| geacon_plus | 397 | about 2 years ago | |
| SpoolSystem | 607 | about 3 years ago | |
| CVE-2021-1675_RDL_LPE | 147 | about 4 years ago | |
| KRBTGS | 28 | over 2 years ago | |
| PrintSpoofer-ReflectiveDLL | 87 | about 4 years ago | |
| persistence-aggressor-script | 173 | over 7 years ago | |
| Peinject_dll | | | |
| TikiTorch | 753 | about 4 years ago | |
| CACTUSTORCH | 75 | over 7 years ago | TikiTorch follows the same concept( ) but has multiple types of process injection available, which can be specified by the user at compile time |
| CACTUSTORCH | 997 | over 7 years ago | |
| UploadAndRunFrp | 63 | about 6 years ago | |
| persistence-aggressor-script | 42 | 11 months ago | |
| Persistence Aggressor Script | | | |
| AggressiveGadgetToJScript | 99 | about 5 years ago | |
| FrpProPlugin | | | |
| Automatic-permission-maintenance | 4 | over 4 years ago | |
| cobalt-strike-persistence | 70 | about 9 years ago | |
| Cobalt_Strike_CNA | 533 | almost 4 years ago | |
| CustomKeyboardLayoutPersistence | 161 | over 2 years ago | |
| SharpEventPersist | 367 | over 3 years ago | |
| SharpZippo | 58 | over 3 years ago | |
| SharpExcelibur | 87 | about 1 year ago | |
| SharpSword | 117 | about 1 year ago | |
| SharpCat | 15 | over 4 years ago | |
| TabRenamer CNA | 23 | over 3 years ago | |
| Liquid Snake | 327 | about 4 years ago | |
| TaskShell | 56 | over 4 years ago | |
| generate-rotating-beacon | 1 | over 4 years ago | |
| ScareCrow-CobaltStrike | 457 | over 3 years ago | |
| AggressorScripts | 10 | over 4 years ago | |
| SharpeningCobaltStrike | | | |
| CS_Mail_Tip | | | |
| Cobalt_Strike_Bot | 88 | over 2 years ago | |
| Cobaltstrike-atexec | 87 | over 5 years ago | |
| Sharp-HackBrowserData | 95 | almost 4 years ago | |
| HackBrowserData | 168 | over 4 years ago | |
| cobalt_sync | 25 | over 1 year ago | |
| samdump | | | |
| CallBackDump | 548 | over 2 years ago | |
| SharpeningCobaltStrike | | | |
| SharpCompile | 290 | about 5 years ago | |
| Quickrundown | 30 | over 6 years ago | |
| NetUser | | | |
| FileSearch | 152 | almost 3 years ago | |
| Phant0m_cobaltstrike | 27 | over 8 years ago | |
| NoPowerShell | 968 | almost 2 years ago | |
| EventLogMaster | 361 | almost 6 years ago | |
| ANGRYPUPPY | 311 | over 5 years ago | |
| CobaltStrike_Script_Wechat_Push | 44 | over 5 years ago | |
| CS-Aggressor-Scripts | 77 | over 1 year ago | |
| Aggressor-Scripts | 7 | over 7 years ago | |
| cs-magik | 33 | almost 7 years ago | |
| GetClipboard | 12 | about 2 years ago | |
| AggressorScripts | 7 | almost 5 years ago | |
| Beaconator | 451 | about 4 years ago | |
| Raven | 194 | over 6 years ago | |
| CobaltStrikeParser | 1,028 | almost 2 years ago | |
| fakelogonscreen | 1,301 | over 5 years ago | |
| SyncDog | | | |
| 360SafeBrowsergetpass | 611 | over 4 years ago | |
| SharpDecryptPwd | 1,181 | over 3 years ago | |
| List-GitHubAssembly | 66 | almost 5 years ago | |
| ExecuteAssembly | 547 | over 4 years ago | |
| aggrokatz | 155 | over 4 years ago | |
| Zipper | 191 | almost 6 years ago | |
| CS-ServerChan | 93 | over 2 years ago | |
| CS-PushPlus | 124 | over 2 years ago | |
| HelpColor | 191 | over 1 year ago | |
| CobaltStrike Helpmsg CNA | | | |
| YouMayPasser | 250 | over 3 years ago | |
| Sync Downloads | 92 | over 3 years ago | |
| Headless Strike | 147 | about 3 years ago | |
| Headless Strike | 295 | about 3 years ago | |
| Cohab_Processes | 81 | almost 3 years ago | |
| EnumStrike | | | |
| AM0N-Eye | | | |
| aggressor_snippets | 23 | over 2 years ago | |
| Erebus | 1,494 | about 4 years ago | |
| CSplugins | 17 | over 4 years ago | |
| Cobalt-Strike-Aggressor-Scripts | 672 | about 4 years ago | |
| Usage | 672 | about 4 years ago | CobaltStrike后渗透测试插件集合 |
| AggressorScripts | 800 | about 3 years ago | |
| RedTeamTools | 1,440 | over 4 years ago | |
| cobalt-arsenal | 1,048 | over 2 years ago | |
| MoveKit | 651 | over 5 years ago | |
| intro | | | The aggressor script handles payload creation by reading the template files for a specific execution type |
| StayKit | 468 | almost 6 years ago | |
| intro | | | The aggressor script handles payload creation by reading the template files for a specific execution type |
| AggressorScripts | 272 | over 3 years ago | |
| AggressorScripts | 1,486 | over 2 years ago | |
| AggressorScripts | 272 | over 3 years ago | |
| Aggressor-VYSEC | 207 | over 6 years ago | |
| AggressorAssessor | 175 | about 1 year ago | |
| AggressorAssessor | 175 | about 1 year ago | |
| aggressor-scripts | 139 | 11 months ago | |
| 梼杌 | 1,797 | almost 2 years ago | |
| Aggressor-scripts | 404 | over 2 years ago | |
| Aggressor-Script | 171 | about 7 years ago | |
| Aggressor-Script | 533 | almost 3 years ago | |
| aggressor_scripts_collection | 63 | about 8 years ago | |
| CobaltStrike-ToolKit | 846 | almost 5 years ago | |
| Arsenal | | | |
| cobalt-arsenal | 1,048 | over 2 years ago | |
| aggressor_scripts | 168 | about 1 year ago | |
| aggressor | 18 | over 5 years ago | |
| CobaltStrikeCNA | 29 | over 8 years ago | |
| AggressorScripts | 28 | over 8 years ago | |
| AggressorAssessor | 175 | about 1 year ago | |
| AggressorCollection | 147 | almost 7 years ago | |
| Cobaltstrike-Aggressor-Scripts-Collection | 109 | over 5 years ago | |
| aggressorScripts | 10 | over 3 years ago | |
| Aggressor_Scripts | 11 | about 4 years ago | |
| cobalt_strike_extension_kit | | | |
| cobaltstrike | 179 | over 4 years ago | |
| 365CobaltStrike | | | |
| Cobalt-Strike | | | |
| CSPlugins | 404 | almost 5 years ago | |
| CobaltStrike-xor | | | |
| Z1-AggressorScripts | 545 | over 4 years ago | |
| csplugin | 243 | over 2 years ago | |
| CSplugins | 17 | over 4 years ago | |
| LSTAR | 1,166 | over 3 years ago | |
| SharpUtils | 46 | over 2 years ago | |
| SharpToolsAggressor | 498 | over 5 years ago | |
| C.Ex | | | |
| OLa | 628 | about 3 years ago | |
| |
| cobaltstrike_brute | 28 | about 5 years ago | |
| Dissecting Cobalt Strike using Python | 148 | about 1 year ago | |
| CobaltSpam | 366 | about 4 years ago | |
| CobaltStrikeDos | 103 | about 4 years ago | |
| CS_mock | 78 | about 3 years ago | |
| CS_fakesubmit | 130 | about 3 years ago | |
| CobaltStrikeScan | 130 | about 3 years ago | |
| grab_beacon_config | 447 | about 4 years ago | |
| C2-JARM | 135 | over 2 years ago | |
| JARM | 1,180 | over 2 years ago | |
| DetectCobaltStomp | | | |
| cobaltstrike | 266 | over 4 years ago | |
| CS_Decrypt | 140 | almost 5 years ago | |
| CS Scripts | 32 | over 4 years ago | |
| PyBeacon | 168 | almost 5 years ago | |
| cobaltstrikescan | 455 | over 1 year ago | |
| CobaltStrikeForensic | 206 | over 2 years ago | |
| DuckMemoryScan | 711 | about 3 years ago | |
| CobaltSplunk Splunk Application | 85 | over 4 years ago | |
| BeaconHunter | 482 | over 3 years ago | |
| CobaltStrikeDetected | 272 | over 4 years ago | |
| BeaconEye | 892 | about 1 year ago | |
| Beacon_re | 86 | over 3 years ago | |
| Beacon.dll | 137 | about 4 years ago | |
| SharpBeacon | | | |
| EvilEye | 148 | about 3 years ago | |
| Hunt-Sleeping-Beacons | 148 | about 3 years ago | |
| CSRouge | 9 | over 3 years ago | |
| Cobalt Strike Discovery | 20 | about 1 year ago | |
| bypass-beacon-config-scan | 84 | over 4 years ago | |
| bypass-beacon-config-scan | 134 | about 3 years ago | |
| Cooolis-ms | 913 | about 1 year ago | |
| UrbanBishopLocal | 115 | about 5 years ago | |
| UrbanBishop | 1,117 | almost 3 years ago | A port of FuzzySecurity's project for inline shellcode execution |
| ShellcodeLoader | | | |
| ZheTian | 729 | almost 3 years ago | |
| EXOCET | 836 | about 3 years ago | |
| SecondaryDevCobaltStrike | | | |
| Bypass_Go | 32 | almost 5 years ago | |
| CrossNet-Beta | 362 | over 1 year ago | |
| EVA | | | |
| BypassAV | 902 | over 5 years ago | |
| NimShellCodeLoader | 640 | 11 months ago | |
| beacon_hook_bypass_memscan | 24 | about 4 years ago | |
| https://xz.aliyun.com/t/9399 | | | cs bypass卡巴斯基内存查杀: |
| ZheTian | 729 | almost 3 years ago | |
| bypassAV | 52 | about 4 years ago | |
| JsLoader | 357 | over 4 years ago | |
| ShellcodeLoader | 523 | over 5 years ago | |
| Alt-Beacon-Payload | 20 | over 4 years ago | |
| https://github.com/fullmetalcache/CsharpMMNiceness | 31 | over 6 years ago | Beacon payload using AV bypass method from and shellcode generated from |
| SigFlip | 1,094 | about 2 years ago | |
| SigFlip | 45 | almost 4 years ago | |
| Shellcode Fluctuation PoC | 957 | over 3 years ago | |
| cool | 691 | over 2 years ago | |
| ThreadStackSpoofer | 1,053 | over 3 years ago | |
| SleepyCrypt | 330 | about 4 years ago | |
| GobypassAV | 823 | about 2 years ago | |
| AtomLdr | 676 | over 2 years ago | |
| Beacon | | | |
| Linco2 | 136 | over 5 years ago | |
| beacon-object-files | 10 | almost 5 years ago | |
| C2ReverseProxy | 480 | over 2 years ago | |
| Cobalt strike custom 404 page | 63 | over 5 years ago | |
| StageStrike | 106 | over 5 years ago | |
| CS_SSLGen | 2 | over 7 years ago | |
| CobaltPatch | 37 | about 5 years ago | |
| pycobalt | 293 | almost 4 years ago | |
| redshell | 209 | about 3 years ago | |
| CobaltStrikeToGhostWriter | 29 | almost 5 years ago | |
| Ansible-Cobalt-Strike | 16 | about 5 years ago | |
| cobaltstrike_runtimeconfig | | | |
| pystinger | 1,377 | about 4 years ago | |
| ansible-role-cobalt-strike | 74 | 11 months ago | |
| CrossNet | 362 | over 1 year ago | |
| CrossC2-C2Profile | 83 | over 4 years ago | |
| BypassAddUser | 46 | almost 5 years ago | |
| Docker-CobaltStrike | | | |
| TeamServer.prop | 62 | over 1 year ago | |
| Cobalt_Strike_Ansible | 33 | about 4 years ago | |
| Ansible Role: Cobalt Strike | 31 | over 4 years ago | |
| csOnvps | 288 | over 3 years ago | |
| Cobalt Strike Sleep Python Bridge | 169 | over 2 years ago | |
| c2_reporter | 20 | almost 5 years ago | |
| Cobalt Strike Beacon Dataset | 125 | over 3 years ago | |
| Dumpert | 1,496 | almost 5 years ago | |
| DuplicateDump | 199 | over 3 years ago | |
| BOFHound | 311 | over 1 year ago | |
| PersistAssist | 248 | over 2 years ago | |
| ElusiveMice | 427 | over 2 years ago | |
| GoFileBinder | 157 | almost 4 years ago | |
| geacon | 1,159 | about 5 years ago | |
| geacon | 159 | about 3 years ago | |
| redi | 140 | almost 8 years ago | |
| cs2modrewrite | 585 | over 2 years ago | |
| cs2webconfig | 110 | about 4 years ago | |
| RedGuard | 1,421 | about 1 year ago | |
| WebGuard | 32 | over 3 years ago | |
| RedWarden | 933 | about 3 years ago | |
| RedCaddy | 198 | over 1 year ago | |
| Oratu | | | |
| Oss-stinger | 343 | almost 3 years ago | |
| Apache Mod_Rewrite Terrafrom Automation | 46 | over 4 years ago | |
| Red-EC2 | 59 | about 5 years ago | |
| Rapid Attack Infrastructure | 300 | 11 months ago | |
| RedCommander | 221 | about 5 years ago | |
| here | | | Creates two Cobalt Strike C2 servers (DNS and HTTPS), with redirectors, and RedELK in Amazon AWS. Minimal setup required! Companion Blog |
| CobaltPatch | | | |
| CPLResourceRunner | 253 | almost 5 years ago | |
| csdroid | 52 | almost 3 years ago | |
| vscode-language-aggressor | 124 | over 1 year ago | |
| PayloadAutomation | 118 | over 3 years ago | |
| CrackSleeve | 26 | over 4 years ago | |
| beacon | | | |
| ExternalC2.NET | 84 | almost 4 years ago | |
| GPUSleep | 239 | almost 4 years ago | |
| CallStackMasker | 256 | over 2 years ago | |
| CSAgent | | | |
| |
| SilasCutler JARM Scan CobaltStrike Beacon Config.json | | | |
| Cobalt Strike hashes | | | |
| List of Cobalt Strike servers | | | |
| CobaltStrike samples pass=infected | | | |
| List of spawns from exposed Cobalt Strike C2 | | | |
| C2IntelFeeds | 540 | 11 months ago | |
| apt_cobaltstrike | 2,509 | 11 months ago | |
| apt_cobaltstrike_evasive | 2,509 | 11 months ago | |
| rules | 266 | over 4 years ago | |
| suricata-rules | 1,140 | over 2 years ago | |
Awesome-CobaltStrike 
yeyintminthuhtut/awesome-red-teamingdeimosc2/deimosc2
infosecn1nja/red-teaming-toolkit
mubix/shellshocker-pocs
coalfire-research/slackor
rapid7/metasploit-payloads
huntergregal/mimipenguin
fuzzdb-project/fuzzdb
redhuntlabs/redhunt-os
sundowndev/hacker-roadmap
redteamoperations/redcloud-os
grrrdog/java-deserialization-cheat-sheet
aaaguirrep/offensive-docker
asyraffff/open-source-ruby-and-rails-apps