Awesome CobaltStrike / 0x01 Articles & Videos |
Cobalt_Strike_wiki | 2,233 | 10 months ago | |
Cobalt Strike Book | | | |
CobaltStrike4.0笔记 | 396 | over 4 years ago | |
CobaltStrike相关网络文章集合 | | | |
Cobalt Strike 外部 C2 之原理篇 | | | |
Cobalt Strike 桌面控制问题的解决(以及屏幕截图等后渗透工具) | | | |
Cobalt Strike & MetaSploit 联动 | | | |
Cobalt-Strike-CheatSheet | 972 | over 2 years ago | |
Cobalt Strike MITRE TTPs | 1,275 | about 2 years ago | |
Red Team Operations with Cobalt Strike (2019) | 19 | over 3 years ago | |
Cobalt Strike: Overview | | | |
CobaltStrike插件开发 | | | |
Cobalt Strike 中文 Wiki | 172 | about 1 year ago | |
IntelliJ-IDEA修改cobaltstrike | | | |
CobaltStrike二次开发环境准备 | | | |
Cobal Strike 自定义OneLiner | | | |
通过反射DLL注入来构建后渗透模块(第一课) | | | |
Cobalt Strike Aggressor Script (第一课) | | | |
Cobalt Strike Aggressor Script (第二课) | | | |
Implementing Syscalls In The Cobaltstrike Artifact Kit | | | |
Cobalt Strike 4.0 认证及修补过程 | | | |
使用ReflectiveDLLInjection武装你的CobaltStrike | | | |
Bypass cobaltstrike beacon config scan | | | |
Tailoring Cobalt Strike on Target | | | |
COFFLOADER: BUILDING YOUR OWN IN MEMORY LOADER OR HOW TO RUN BOFS | | | |
Yet Another Cobalt Strike Stager: GUID Edition | | | |
Cobalt Strike4.3 破解日记 | | | |
Cobalt Strike 进程创建与对应的 Syslog 日志分析 | | | |
Behind the Mask: Spoofing Call Stacks Dynamically with Timers | | | |
Cobalt Strike Spear Phish | | | |
run CS in win -- teamserver.bat | | | |
Remote NTLM relaying through CS -- related to CVE_2018_8581 | | | |
Cobalt Strike Convet VPN | | | |
渗透神器CS3.14搭建使用及流量分析 | | | |
CobaltStrike生成免杀shellcode | | | |
CS-notes | | | --一系列CS的使用技巧笔记 |
使用 Cobalt Strike 对 Linux 主机进行后渗透 | | | |
Cobalt Strike Listener with Proxy | | | |
Cobalt Strike Convet VPN | | | |
CS 4.0 SMB Beacon | | | |
Cobalt Strike 浏览器跳板攻击 | | | |
Cobalt Strike 中 Bypass UAC | | | |
一起探索Cobalt Strike的ExternalC2框架 | | | |
深入探索Cobalt Strike的ExternalC2框架 | | | |
Cobalt Strike的特殊功能(external_C2)探究 | | | |
A tale of .NET assemblies, cobalt strike size constraints, and reflection | | | |
AppDomain.AssemblyResolve | | | |
从webshell建立代理上线不出网的内网机器 | | | |
在Cobalt Strike BOF中进行直接系统调用 | | | |
Using Direct Syscalls in Cobalt Strike's Artifact Kit | | | |
Cobalt Strike Staging and Extracting Configuration Information | | | |
Create a proxy DLL with artifact kit | | | |
Attackers are abusing MSBuild to evade defenses and implant Cobalt Strike beacons | | | |
Lateral Movement with LiquidSnake | | | |
CoffLoader from OtterHacker | | | |
CobaltStrike证书修改躲避流量审查 | | | |
CS 合法证书 + Powershell 上线 | | | |
Cobalt Strike 团队服务器隐匿 | | | |
红队基础建设:隐藏你的C2 server | | | |
Cobalt Strike HTTP C2 Redirectors with Apache mod_rewrite | | | |
深入研究cobalt strike malleable C2配置文件 | | | |
A Brave New World: Malleable C2 | | | |
How to Write Malleable C2 Profiles for Cobalt Strike | | | |
Randomized Malleable C2 Profiles Made Easy | | | |
关于CobaltStrike的Stager被扫问题 | | | |
Beacon Stager listener 去特征 | | | |
检测与隐藏Cobaltstrike服务器 | | | |
记一次cs bypass卡巴斯基内存查杀 | | | |
cs bypass卡巴斯基内存查杀 2 | | | |
Cobalt Strike – Bypassing C2 Network Detections | | | |
Cobalt Strike特征隐藏 | | | |
Cobalt Strike 反溯源之 CDN 篇 | | | |
Unleashing The Unseen: Harnessing The Power Of Cobalt Strike Profiles For EDR Evasion | | | |
blog | | | Volatility Plugin for Detecting Cobalt Strike Beacon. | |
逆向分析Cobalt Strike安装后门 | | | |
分析cobaltstrike c2 协议 | 67 | over 4 years ago | |
tool | | | Small to decrypt a Cobalt Strike auth file |
Cobalt Strike 的 ExternalC2 | | | |
Detecting Cobalt Strike Default Modules via Named Pipe Analysis | | | |
浅析CobaltStrike Beacon Staging Server扫描 | | | |
Striking Back at Retired Cobalt Strike: A look at a legacy vulnerability | | | |
Analyzing Cobalt Strike for Fun and Profit | | | |
Cobalt Strike Remote Threads detection | | | |
The art and science of detecting Cobalt Strike | | | |
A Multi-Method Approach to Identifying Rogue Cobalt Strike Servers | | | |
How to detect Cobalt Strike activities in memory forensics | | | |
Detecting Cobalt Strike by Fingerprinting Imageload Events | | | |
The Anatomy of an APT Attack and CobaltStrike Beacon’s Encoded Configuration | | | |
CobaltStrike - beacon.dll : Your No Ordinary MZ Header | | | |
GitHub-hosted malware calculates Cobalt Strike payload from Imgur pic | | | |
Detecting Cobalt Strike beacons in NetFlow data | | | |
Volatility Plugin for Detecting Cobalt Strike Beacon | | | |
Easily Identify Malicious Servers on the Internet with JARM | | | |
Cobalt Strike Beacon Analysis | | | |
Hancitor infection with Pony, Evil Pony, Ursnif, and Cobalt Strike | | | |
Attackers Exploiting WebLogic Servers via CVE-2020-14882 to install Cobalt Strike | | | |
Hiding in the Cloud: Cobalt Strike Beacon C2 using Amazon APIs | | | |
Identifying Cobalt Strike team servers in the wild | | | |
Multi-stage APT attack drops Cobalt Strike using Malleable C2 feature | | | |
Operation Cobalt Kitty | | | |
Detecting and Advancing In-Memory .NET Tradecraft | | | |
Analysing Fileless Malware: Cobalt Strike Beacon | | | |
IndigoDrop spreads via military-themed lures to deliver Cobalt Strike | | | |
Cobalt Group Returns To Kazakhstan | | | |
Striking Back at Retired Cobalt Strike: A look at a legacy vulnerability | | | |
Azure Sentinel Quick-Deploy with Cyb3rWard0g’s Sentinel To-Go – Let’s Catch Cobalt Strike! | | | |
Cobalt Strike stagers used by FIN6 | | | |
Malleable C2 Profiles and You | | | |
C2 Traffic patterns including Cobalt Strike | | | |
Cobalt Strike DNS Direct Egress Not That Far Away | | | |
Detecting Exposed Cobalt Strike DNS Redirectors | | | |
Example of Cleartext Cobalt Strike Traffic | | | |
Cobaltstrike-Beacons analyzed | | | |
通过DNS协议探测Cobalt Strike服务器 | | | |
Detecting Cobalt Strike with memory signatures | | | |
CobaltStrike通信中host字段的获取 | | | |
反击CobaltStrike(一) 以假乱真 | | | |
某 C2 鸡肋漏洞分析:你的 CS 安全吗? | | | |
Cobalt Strike Beacon Analysis from a Live C2 | | | |
Malleable Memory Indicators with Cobalt Strike's Beacon Payload | | | |
STAR Webcast: Spooky RYUKy: The Return of UNC1878 | | | |
Excel 4.0 Macros Analysis - Cobalt Strike Shellcode Injection | | | |
Profiling And Detecting All Things SSL With JA3 | | | |
Awesome CobaltStrike / 0x02 C2 Profiles |
Malleable-C2-Profiles | 1,484 | over 3 years ago | |
Malleable-C2-Randomizer | 432 | about 2 years ago | |
malleable-c2 | 1,592 | 10 months ago | |
Malleable-C2-Profiles | 331 | over 1 year ago | |
random_c2_profile | 619 | over 1 year ago | |
SourcePoint | 1,027 | 6 months ago | |
C2concealer | 994 | 3 months ago | |
MalleableC2-Profiles | 34 | almost 4 years ago | |
MalleableC2-Profiles | 757 | almost 2 years ago | |
pyMalleableC2 | 263 | 5 months ago | |
1135-CobaltStrike-ToolKit | 151 | 10 months ago | |
service_cobaltstrike | 39 | about 3 years ago | |
CobaltNotion | 53 | over 2 years ago | |
Burp2Malleable | 360 | over 1 year ago | |
autoRebind | 19 | over 1 year ago | |
goMalleable | 58 | 5 months ago | |
Malleable-CS-Profiles | 355 | 7 months ago | |
Awesome CobaltStrike / 0x03 BOF |
BOF_Collection | 563 | almost 2 years ago | |
cobaltstrike-bof-toolset | | | |
Situational Awareness BOF | 1,229 | 26 days ago | |
Blog | | | Its larger goal is providing a code example and workflow for others to begin making more BOF files |
bof_helper | 219 | over 2 years ago | |
BOF-DLL-Inject | 146 | about 4 years ago | |
cobaltstrike_bofs | 158 | about 2 years ago | |
BOF-RegSave | 185 | almost 4 years ago | |
CobaltStrike BOF | 340 | over 1 year ago | |
BOFs | 540 | almost 2 years ago | |
Remote Operations BOF | 755 | 16 days ago | |
OperatorsKit | 514 | 3 months ago | |
bof | 608 | about 2 years ago | |
Needle_Sift_BOF | 30 | about 3 years ago | |
Quser-BOF | 82 | over 1 year ago | |
BOF.NET | 659 | about 1 month ago | |
beacon-object-file | | | |
here | | | The format, described by Mudge , asks that the operator construct an COFF file using a mingw-w64 compiler or the msvc compiler that holds an symbol name indicating its entrypoint, and underlying function calls |
InlineWhispers | 303 | almost 3 years ago | |
WdToggle | 212 | over 1 year ago | |
Situational Awareness BOF | 1,229 | 26 days ago | |
MiniDumpWriteDump | 165 | over 3 years ago | |
COFF Loader | 460 | 11 days ago | |
Self_Deletion_BOF | 169 | about 3 years ago | |
PE Import Enumerator BOF | 82 | almost 3 years ago | |
Visual-Studio-BOF-template | 279 | almost 3 years ago | |
BOF-Builder | 26 | about 1 year ago | |
ELFLoader | 245 | over 2 years ago | |
Rust BOFs for Cobalt Strike | 238 | 8 months ago | |
CoffeeLdr | 271 | 10 months ago | |
HalosGate Processlist Cobalt Strike BOF | 93 | over 1 year ago | |
PPLFaultDumpBOF | 132 | over 1 year ago | |
Winsocky | 96 | about 1 year ago | |
bof-vs | 129 | about 2 months ago | |
Defender Exclusions BOF | 239 | over 1 year ago | |
ScreenShot-BOF | 39 | about 1 year ago | |
BofRoast | 215 | over 2 years ago | |
EnumCLR.c | | | |
PPEnum | 102 | over 1 year ago | |
secinject | 87 | over 2 years ago | |
FindObjects-BOF | 265 | over 1 year ago | |
Inject-assembly | 477 | over 2 years ago | |
WhereAmiI | 160 | over 1 year ago | |
GetWebDAVStatus | 117 | 7 months ago | |
ChromeKeyDump | 169 | almost 2 years ago | |
Sleeper | 169 | almost 2 years ago | |
LSASS | 100 | over 2 years ago | |
getsystem | 100 | over 2 years ago | |
Silent Lsass Dump | 159 | over 2 years ago | |
unhook-bof | 54 | over 2 years ago | |
Beacon Health Check Aggressor Script | 138 | about 3 years ago | |
Registry BOF | | | |
InlineExecute-Assembly | 592 | about 1 year ago | |
CredBandit | 230 | about 3 years ago | |
Inject AMSI Bypass | 374 | over 1 year ago | |
Firewall_Enumerator_BOF | 100 | almost 3 years ago | |
Detect-Hooks | 146 | about 3 years ago | |
unhook-bof | 262 | about 3 years ago | |
whereami | 160 | over 1 year ago | |
HOLLOW | 263 | over 1 year ago | |
BOFs | 111 | about 3 years ago | |
SCShell | 1,385 | about 1 year ago | |
WinRMDLL | 139 | about 3 years ago | |
LSASS Dumping With Foreign Handles | 95 | about 3 years ago | |
PPLDump BOF | 134 | about 3 years ago | |
PortBender | 666 | over 1 year ago | |
BOF2Shellcode | 170 | almost 3 years ago | |
DLL Hijack Search Order BOF | 140 | almost 3 years ago | |
InlineWhispers2 | 177 | about 2 years ago | |
NetUser | 414 | about 3 years ago | |
BOF-Nim | 84 | about 2 years ago | |
Invoke-Bof | 245 | almost 3 years ago | |
Cobalt-Clip | | | |
CoffLoader | 48 | over 1 year ago | |
COFFLoader2 | 191 | about 2 years ago | |
Process Protection Level Enumerator BOF | 51 | about 3 years ago | |
Toggle_Token_Privileges_BOF | 51 | 3 months ago | |
Cobalt Strike BOF - Inject ETW Bypass | 275 | about 3 years ago | |
HandleKatz_BOF | | | |
tgtdelegation | 153 | almost 3 years ago | |
nanodump | 1,746 | 18 days ago | |
xPipe Cobalt Strike BOF (x64) | 75 | over 1 year ago | |
AddUser-Bof | 69 | almost 2 years ago | |
ServiceMove-BOF | 279 | over 2 years ago | |
Detect-Hooks | 94 | about 3 years ago | |
MemReader BoF | 41 | 10 months ago | |
Readfile BoF | 18 | over 2 years ago | |
ChromiumKeyDump | 18 | over 2 years ago | |
LdapSignCheck | 164 | about 2 months ago | |
DelegationBOF | 137 | over 2 years ago | |
RunOF | 139 | over 1 year ago | |
KillDefender_BOF | 56 | over 2 years ago | |
TokenStripBOF | 32 | over 2 years ago | |
BOF - RDPHijack | 292 | about 2 years ago | |
Koh | 484 | about 2 years ago | |
RDPHijack | 292 | about 2 years ago | |
KDStab | 154 | over 1 year ago | |
Token Vault BOF for Cobalt Strike | 136 | about 2 years ago | |
ASRenum | 137 | 7 months ago | |
ThreadlessInject-BOF | 365 | 9 months ago | |
Inline-Execute-PE | 629 | over 1 year ago | |
BOFs | 51 | over 1 year ago | |
DomainPasswordSpray | 42 | over 1 year ago | |
BOF-CredUI | 18 | almost 2 years ago | |
Cookie-Graber-BOF | 164 | 5 months ago | |
ScreenshotBOF | 340 | over 1 year ago | |
ScreenshotBOFPlus | 170 | over 1 year ago | |
Elevate-System-Trusted-BOF | 143 | over 1 year ago | |
Hidden Desktop BOF | 1,146 | 10 months ago | |
DropSpawn | 215 | over 1 year ago | |
Nanorobeus | 277 | over 1 year ago | |
SelfDel | 40 | over 1 year ago | |
GetWeChatBOF | 17 | about 1 year ago | |
ShadowRDP | 61 | 8 months ago | |
SharpHound4Cobalt | 46 | over 1 year ago | |
CVE-2020-0796-BOF | 68 | about 4 years ago | |
ZeroLogon-BOF | 156 | over 2 years ago | |
kernel-mii | 30 | over 1 year ago | |
PrivKit | 364 | 4 months ago | |
CVE-2023-36874 | 200 | about 1 year ago | |
SPAWN | 427 | over 1 year ago | |
PersistBOF | 264 | over 1 year ago | |
ClipboardWindow-Inject | 63 | about 2 years ago | |
SigFlip | 1,059 | about 1 year ago | |
BokuLoader | 1,245 | 11 months ago | |
AddDefenderExclusions | 31 | over 1 year ago | |
BOFMask | 105 | over 1 year ago | |
Trusted Path UAC Bypass | 116 | about 3 years ago | |
EventViewerUAC_BOF | 128 | over 2 years ago | |
Awesome CobaltStrike / 0x04 Aggressor Script |
BypassAV | 898 | about 4 years ago | |
BypassAV | 898 | about 4 years ago | |
scrun | 177 | about 5 years ago | |
Useage | | | BypassAV ShellCode Loader (Cobaltstrike/Metasploit) |
ShellCode_Loader | 407 | about 2 years ago | |
beacon-c2-go | 38 | over 4 years ago | |
C--Shellcode | 20 | almost 5 years ago | |
Useage | | | python ShellCode Loader (Cobaltstrike&Metasploit) |
Doge-Loader | 279 | over 3 years ago | |
CS-Loader | 816 | about 3 years ago | |
CSSG | 635 | 9 months ago | |
Alaris | 884 | 7 months ago | |
CarbonMonoxide | 22 | over 4 years ago | |
bypassAV-1 | 17 | over 3 years ago | |
ScareCrow | 2,717 | about 1 year ago | |
Dent | 295 | about 1 year ago | |
PEzor | 1,814 | 8 months ago | |
FuckThatPacker | 626 | over 2 years ago | |
goShellCodeByPassVT | | | |
HouQing | 125 | over 1 year ago | |
DesertFox | 205 | over 3 years ago | |
DInjector | | | |
GoBypass | | | |
Bypass-script | 21 | over 2 years ago | |
CobaltWhispers | 225 | almost 2 years ago | |
AceLdr | 867 | 4 months ago | |
SharpTerminator | 306 | over 1 year ago | |
UAC-SilentClean | 188 | about 3 years ago | |
csload.net | 121 | over 3 years ago | |
cs-rdll-example | 110 | over 4 years ago | |
Titan | | | |
GECC | | | |
CobaltStrike beacon in rust | 162 | about 2 months ago | |
red-team-scripts | 1,108 | almost 5 years ago | |
Registry-Recon | 320 | over 2 years ago | |
aggressor-powerview | 65 | over 6 years ago | |
PowerView | 11,812 | about 4 years ago | All functions listed in the PowerView about page are included in this with all arguments for each function |
PowerView3-Aggressor | 126 | about 6 years ago | |
PowerView | 11,812 | about 4 years ago | PowerView Aggressor Script for CobaltStrike |
AggressorScripts | 39 | almost 5 years ago | |
ServerScan | 1,544 | 4 months ago | |
TailorScan | 278 | almost 4 years ago | |
AggressiveProxy | 140 | almost 4 years ago | |
Spray-AD | 423 | over 2 years ago | |
Ladon | 4,818 | about 2 months ago | |
Ladon for Cobalt Strike | 981 | about 2 years ago | |
Recon-AD | 314 | almost 5 years ago | |
XSS-Fishing2-CS | 132 | over 4 years ago | |
XSS-Phishing | 268 | over 3 years ago | |
custom_payload_generator | 146 | almost 3 years ago | |
CrossC2 | 2,251 | 11 months ago | |
CrossC2 Kit | 205 | about 1 year ago | |
Cobaltstrike-MS17-010 | 416 | over 5 years ago | |
AES-PowerShellCode | 106 | almost 5 years ago | |
SweetPotato_CS | 238 | over 4 years ago | |
ElevateKit | 885 | over 4 years ago | |
CVE-2018-4878 | 87 | over 6 years ago | |
Aggressor-Scripts | 144 | over 6 years ago | |
CVE_2020_0796_CNA | 78 | about 4 years ago | |
ReflectiveDLLInjection | 2,709 | about 2 years ago | 基于 实现的本地提权漏洞 |
DDEAutoCS | 63 | almost 7 years ago | |
geacon | 1,141 | about 4 years ago | |
geacon_pro | | | |
geacon_plus | 383 | 12 months ago | |
SpoolSystem | 608 | about 2 years ago | |
CVE-2021-1675_RDL_LPE | 147 | about 3 years ago | |
KRBTGS | 28 | over 1 year ago | |
PrintSpoofer-ReflectiveDLL | 87 | almost 3 years ago | |
persistence-aggressor-script | 171 | over 6 years ago | |
Peinject_dll | | | |
TikiTorch | 749 | almost 3 years ago | |
CACTUSTORCH | 75 | over 6 years ago | TikiTorch follows the same concept( ) but has multiple types of process injection available, which can be specified by the user at compile time |
CACTUSTORCH | 994 | over 6 years ago | |
UploadAndRunFrp | 62 | about 5 years ago | |
persistence-aggressor-script | 42 | about 8 years ago | |
Persistence Aggressor Script | | | |
AggressiveGadgetToJScript | 99 | about 4 years ago | |
FrpProPlugin | | | |
Automatic-permission-maintenance | 4 | over 3 years ago | |
cobalt-strike-persistence | 70 | about 8 years ago | |
Cobalt_Strike_CNA | 517 | over 2 years ago | |
CustomKeyboardLayoutPersistence | 161 | over 1 year ago | |
SharpEventPersist | 364 | over 2 years ago | |
SharpZippo | 58 | over 2 years ago | |
SharpExcelibur | 85 | 8 days ago | |
SharpSword | 114 | about 1 year ago | |
SharpCat | 15 | about 3 years ago | |
TabRenamer CNA | 23 | over 2 years ago | |
Liquid Snake | 329 | about 3 years ago | |
TaskShell | 56 | over 3 years ago | |
generate-rotating-beacon | 1 | over 3 years ago | |
ScareCrow-CobaltStrike | 453 | about 2 years ago | |
AggressorScripts | 10 | over 3 years ago | |
SharpeningCobaltStrike | | | |
CS_Mail_Tip | | | |
Cobalt_Strike_Bot | 87 | over 1 year ago | |
Cobaltstrike-atexec | 87 | over 4 years ago | |
Sharp-HackBrowserData | 95 | almost 3 years ago | |
HackBrowserData | 169 | over 3 years ago | |
cobalt_sync | 25 | 2 months ago | |
samdump | | | |
CallBackDump | 543 | about 1 year ago | |
SharpeningCobaltStrike | | | |
SharpCompile | 290 | about 4 years ago | |
Quickrundown | 30 | over 5 years ago | |
NetUser | | | |
FileSearch | 151 | over 1 year ago | |
Phant0m_cobaltstrike | 27 | over 7 years ago | |
NoPowerShell | 961 | 11 months ago | |
EventLogMaster | 358 | almost 5 years ago | |
ANGRYPUPPY | 308 | over 4 years ago | |
CobaltStrike_Script_Wechat_Push | 44 | over 4 years ago | |
CS-Aggressor-Scripts | 77 | 7 months ago | |
Aggressor-Scripts | 7 | over 6 years ago | |
cs-magik | 33 | almost 6 years ago | |
GetClipboard | 12 | about 1 year ago | |
AggressorScripts | 7 | almost 4 years ago | |
Beaconator | 451 | about 3 years ago | |
Raven | 194 | about 5 years ago | |
CobaltStrikeParser | 1,011 | 10 months ago | |
fakelogonscreen | 1,287 | over 4 years ago | |
SyncDog | | | |
360SafeBrowsergetpass | 604 | over 3 years ago | |
SharpDecryptPwd | 1,157 | over 2 years ago | |
List-GitHubAssembly | 66 | almost 4 years ago | |
ExecuteAssembly | 538 | about 3 years ago | |
aggrokatz | 156 | over 3 years ago | |
Zipper | 188 | over 4 years ago | |
CS-ServerChan | 92 | over 1 year ago | |
CS-PushPlus | 122 | over 1 year ago | |
HelpColor | 189 | 7 months ago | |
CobaltStrike Helpmsg CNA | | | |
YouMayPasser | 242 | about 2 years ago | |
Sync Downloads | 92 | over 2 years ago | |
Headless Strike | 147 | about 2 years ago | |
Headless Strike | 294 | about 2 years ago | |
Cohab_Processes | 81 | over 1 year ago | |
EnumStrike | | | |
AM0N-Eye | | | |
aggressor_snippets | 23 | over 1 year ago | |
Erebus | 1,465 | almost 3 years ago | |
CSplugins | 17 | over 3 years ago | |
Cobalt-Strike-Aggressor-Scripts | 668 | about 3 years ago | |
Usage | 668 | about 3 years ago | CobaltStrike后渗透测试插件集合 |
AggressorScripts | 779 | about 2 years ago | |
RedTeamTools | 1,435 | about 3 years ago | |
cobalt-arsenal | 1,031 | over 1 year ago | |
MoveKit | 641 | over 4 years ago | |
intro | | | The aggressor script handles payload creation by reading the template files for a specific execution type |
StayKit | 462 | over 4 years ago | |
intro | | | The aggressor script handles payload creation by reading the template files for a specific execution type |
AggressorScripts | 271 | about 2 years ago | |
AggressorScripts | 1,479 | over 1 year ago | |
AggressorScripts | 271 | about 2 years ago | |
Aggressor-VYSEC | 207 | over 5 years ago | |
AggressorAssessor | 171 | about 2 months ago | |
AggressorAssessor | 171 | about 2 months ago | |
aggressor-scripts | 139 | about 3 years ago | |
梼杌 | 1,785 | 11 months ago | |
Aggressor-scripts | 403 | about 1 year ago | |
Aggressor-Script | 171 | about 6 years ago | |
Aggressor-Script | 527 | almost 2 years ago | |
aggressor_scripts_collection | 63 | about 7 years ago | |
CobaltStrike-ToolKit | 843 | almost 4 years ago | |
Arsenal | | | |
cobalt-arsenal | 1,031 | over 1 year ago | |
aggressor_scripts | 164 | about 2 months ago | |
aggressor | 18 | over 4 years ago | |
CobaltStrikeCNA | 29 | over 7 years ago | |
AggressorScripts | 28 | over 7 years ago | |
AggressorAssessor | 171 | about 2 months ago | |
AggressorCollection | 147 | over 5 years ago | |
Cobaltstrike-Aggressor-Scripts-Collection | 108 | over 4 years ago | |
aggressorScripts | 10 | about 2 years ago | |
Aggressor_Scripts | 11 | about 3 years ago | |
cobalt_strike_extension_kit | | | |
cobaltstrike | 180 | over 3 years ago | |
365CobaltStrike | | | |
Cobalt-Strike | | | |
CSPlugins | 400 | almost 4 years ago | |
CobaltStrike-xor | | | |
Z1-AggressorScripts | 543 | over 3 years ago | |
csplugin | 242 | over 1 year ago | |
CSplugins | 17 | over 3 years ago | |
LSTAR | 1,132 | over 2 years ago | |
SharpUtils | 46 | over 1 year ago | |
SharpToolsAggressor | 496 | over 4 years ago | |
C.Ex | | | |
OLa | 617 | about 2 years ago | |
|
cobaltstrike_brute | 28 | about 4 years ago | |
Dissecting Cobalt Strike using Python | 145 | 9 days ago | |
CobaltSpam | 365 | about 3 years ago | |
CobaltStrikeDos | 103 | about 3 years ago | |
CS_mock | 80 | about 2 years ago | |
CS_fakesubmit | 127 | about 2 years ago | |
CobaltStrikeScan | 127 | about 2 years ago | |
grab_beacon_config | 445 | about 3 years ago | |
C2-JARM | 136 | over 1 year ago | |
JARM | 1,158 | about 1 year ago | |
DetectCobaltStomp | | | |
cobaltstrike | 263 | over 3 years ago | |
CS_Decrypt | 138 | almost 4 years ago | |
CS Scripts | 31 | over 3 years ago | |
PyBeacon | 167 | almost 4 years ago | |
cobaltstrikescan | 451 | 3 months ago | |
CobaltStrikeForensic | 205 | over 1 year ago | |
DuckMemoryScan | 693 | about 2 years ago | |
CobaltSplunk Splunk Application | 83 | over 3 years ago | |
BeaconHunter | 479 | about 2 years ago | |
CobaltStrikeDetected | 262 | about 3 years ago | |
BeaconEye | 875 | about 1 month ago | |
Beacon_re | 86 | over 2 years ago | |
Beacon.dll | 134 | about 3 years ago | |
SharpBeacon | | | |
EvilEye | 145 | about 2 years ago | |
Hunt-Sleeping-Beacons | 145 | about 2 years ago | |
CSRouge | 9 | over 2 years ago | |
Cobalt Strike Discovery | 19 | about 2 months ago | |
bypass-beacon-config-scan | 84 | over 3 years ago | |
bypass-beacon-config-scan | 135 | about 2 years ago | |
Cooolis-ms | 908 | about 2 months ago | |
UrbanBishopLocal | 115 | about 4 years ago | |
UrbanBishop | 1,106 | almost 2 years ago | A port of FuzzySecurity's project for inline shellcode execution |
ShellcodeLoader | | | |
ZheTian | 724 | almost 2 years ago | |
EXOCET | 828 | about 2 years ago | |
SecondaryDevCobaltStrike | | | |
Bypass_Go | 32 | over 3 years ago | |
CrossNet-Beta | 362 | 4 months ago | |
EVA | | | |
BypassAV | 898 | about 4 years ago | |
NimShellCodeLoader | 618 | 9 months ago | |
beacon_hook_bypass_memscan | 24 | about 3 years ago | |
https://xz.aliyun.com/t/9399 | | | cs bypass卡巴斯基内存查杀: |
ZheTian | 724 | almost 2 years ago | |
bypassAV | 52 | about 3 years ago | |
JsLoader | 357 | over 3 years ago | |
ShellcodeLoader | 518 | about 4 years ago | |
Alt-Beacon-Payload | 20 | over 3 years ago | |
https://github.com/fullmetalcache/CsharpMMNiceness | 31 | over 5 years ago | Beacon payload using AV bypass method from and shellcode generated from |
SigFlip | 1,059 | about 1 year ago | |
SigFlip | 35 | almost 3 years ago | |
Shellcode Fluctuation PoC | 916 | over 2 years ago | |
cool | 688 | about 1 year ago | |
ThreadStackSpoofer | 1,018 | over 2 years ago | |
SleepyCrypt | 330 | about 3 years ago | |
GobypassAV | 800 | about 1 year ago | |
AtomLdr | 643 | over 1 year ago | |
Beacon | | | |
Linco2 | 135 | over 4 years ago | |
beacon-object-files | 10 | almost 4 years ago | |
C2ReverseProxy | 477 | over 1 year ago | |
Cobalt strike custom 404 page | 62 | over 4 years ago | |
StageStrike | 106 | over 4 years ago | |
CS_SSLGen | 2 | over 6 years ago | |
CobaltPatch | 37 | about 4 years ago | |
pycobalt | 291 | over 2 years ago | |
redshell | 209 | about 2 years ago | |
CobaltStrikeToGhostWriter | 28 | almost 4 years ago | |
Ansible-Cobalt-Strike | 16 | about 4 years ago | |
cobaltstrike_runtimeconfig | | | |
pystinger | 1,363 | about 3 years ago | |
ansible-role-cobalt-strike | 74 | about 2 months ago | |
CrossNet | 362 | 4 months ago | |
CrossC2-C2Profile | 83 | about 3 years ago | |
BypassAddUser | 45 | almost 4 years ago | |
Docker-CobaltStrike | | | |
TeamServer.prop | 61 | 3 months ago | |
Cobalt_Strike_Ansible | 33 | about 3 years ago | |
Ansible Role: Cobalt Strike | 31 | over 3 years ago | |
csOnvps | 289 | over 2 years ago | |
Cobalt Strike Sleep Python Bridge | 166 | over 1 year ago | |
c2_reporter | 20 | almost 4 years ago | |
Cobalt Strike Beacon Dataset | 122 | over 2 years ago | |
Dumpert | 1,471 | almost 4 years ago | |
DuplicateDump | 194 | over 2 years ago | |
BOFHound | 293 | 7 months ago | |
PersistAssist | 249 | over 1 year ago | |
ElusiveMice | 415 | about 1 year ago | |
GoFileBinder | 154 | almost 3 years ago | |
geacon | 1,141 | about 4 years ago | |
geacon | 157 | about 2 years ago | |
redi | 139 | almost 7 years ago | |
cs2modrewrite | 579 | over 1 year ago | |
cs2webconfig | 109 | about 3 years ago | |
RedGuard | 1,373 | about 2 months ago | |
WebGuard | 31 | over 2 years ago | |
RedWarden | 914 | almost 2 years ago | |
RedCaddy | 189 | 4 months ago | |
Oratu | | | |
Oss-stinger | 340 | almost 2 years ago | |
Apache Mod_Rewrite Terrafrom Automation | 46 | over 3 years ago | |
Red-EC2 | 59 | about 4 years ago | |
Rapid Attack Infrastructure | 294 | almost 3 years ago | |
RedCommander | 219 | about 4 years ago | |
here | | | Creates two Cobalt Strike C2 servers (DNS and HTTPS), with redirectors, and RedELK in Amazon AWS. Minimal setup required! Companion Blog |
CobaltPatch | | | |
CPLResourceRunner | 252 | almost 4 years ago | |
csdroid | 52 | almost 2 years ago | |
vscode-language-aggressor | 123 | 4 months ago | |
PayloadAutomation | 116 | over 2 years ago | |
CrackSleeve | 26 | over 3 years ago | |
beacon | | | |
ExternalC2.NET | 83 | almost 3 years ago | |
GPUSleep | 213 | almost 3 years ago | |
CallStackMasker | 244 | over 1 year ago | |
CSAgent | | | |
|
SilasCutler JARM Scan CobaltStrike Beacon Config.json | | | |
Cobalt Strike hashes | | | |
List of Cobalt Strike servers | | | |
CobaltStrike samples pass=infected | | | |
List of spawns from exposed Cobalt Strike C2 | | | |
C2IntelFeeds | 514 | 8 days ago | |
apt_cobaltstrike | 2,449 | 8 days ago | |
apt_cobaltstrike_evasive | 2,449 | 8 days ago | |
rules | 263 | over 3 years ago | |
suricata-rules | 1,120 | about 1 year ago | |