• Stars
    star
    1,434
  • Rank 32,829 (Top 0.7 %)
  • Language
  • License
    GNU General Publi...
  • Created about 6 years ago
  • Updated 11 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Cobalt Strike Malleable C2 Design and Reference Guide

Cobalt Strike Malleable C2 Design and Reference Guide

This project is intended to serve as reference when designing Cobalt Strike Malleable C2 profiles.

Always verify your profile with ./c2lint [/path/to/my.profile] prior to use!

Malleable C2 Profile Guidance

The following dive deeper into the understanding of Malleable C2

Changelog

20221022 - Updated for CS 4.7

  • Added 4.7 reference profile
  • Updated MalleableExplained.md with 4.7 considerations

20220421 - Updated for CS 4.6

  • Added 4.6 reference profile
  • No more '1MB' limit
  • Updated MalleableExplained.md with 4.6 considerations

202112 - Updated for CS 4.5

  • Added 4.5 reference profile
  • Updated MalleableExplained.md with 4.5 considerations

202108 - Added MalleableExplained.md

202103 - Add CS 4.3 Reference Profile

  • Add latest Malleable C2 profile options for Cobalt Strike 4.3
  • Moved dns settings to new dns-beacon section
  • 4.3 Additions
    • dns-beacon
      • beacon
      • get_A
      • get_AAAA
      • get_TXT
      • put_metadata
      • put_output
      • ns_response
    • http-config
      • block_useragents

202011 - Add CS 4.2 Reference Profile

  • Add latest MalleablePE and MalleableC2 options for Cobalt Strike 4.1 and 4.2
  • 4.1 Additions: tcp_frame_header, smb_frame_header, ssh_banner
  • 4.2 Additions:
    • global
      • data_jitter
      • headers_remove
      • ssh_pipename
    • postex
      • pipename
      • thread_hint
      • keylogger
    • stage
      • allocator
      • magic_mz_86|magic_mz_64
      • magic_pe

202003 - CS 4.0 Reference Profile

  • Add CS4.0 reference profile of available malleable C2 options
  • Remove deprecated features (amsi_disable, disable for process injection techniques, etc)

Authors

  • @joevest
  • @001SPARTaN
  • @andrewchiles
  • @Charles-Foster-Kane

License

This project and all individual scripts are under the GNU GPL v3.0 license.

More Repositories

1

domainhunter

Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names
Python
1,418
star
2

red-team-scripts

A collection of Red Team focused tools, scripts, and notes
PowerShell
1,092
star
3

random_c2_profile

Cobalt Strike random C2 Profile generator
Python
583
star
4

cs2modrewrite

Convert Cobalt Strike profiles to modrewrite scripts
Python
565
star
5

metatwin

The project is designed as a file resource cloner. Metadata, including digital signature, is extracted from one file and injected into another.
HTML
313
star
6

tinyshell

Python
161
star
7

aggressor-scripts

Cobalt Strike Aggressor Scripts
JavaScript
137
star
8

pasties

A collection of random bits of information common to many individual penetration tests, red teams, and other assessments
Shell
106
star
9

subshell

SubShell is a python command shell used to control and execute commands through HTTP requests to a webshell. SubShell acts as the interface to the remote webshells.
Python
73
star
10

threatbox

ThreatBox is a standard and controlled Linux based attack platform. I've used a version of this for years. It started as a collection of scripts, lived as a rolling virtual machine, existed as code to build a Linux ISO, and has now been converted to a set of ansible playbooks. Why Ansible? Why not? This seemed a natural evolution.
Smarty
69
star
11

invoke-pipeshell

SMB Named Pipe shell
PowerShell
62
star
12

portplow

PortPlow is a distributed port and system scanning & enumeration service. It enables the quick and automated enumeration of ports and services from multiple systems managed by a central console.
JavaScript
53
star
13

edc

Event Data Collector
Python
34
star
14

mythic2modrewrite

Generate Apache mod_rewrite rules for Mythic C2 profiles
Python
25
star
15

threat-mitigation

Threat Mitigation Strategies
22
star
16

procdot_sandbox

ProcDot Malware Sandbox
Python
19
star
17

cobaltstrike_payload_generator

Quickly generate every payload type for each listener and optionally host via HTTP.
13
star
18

threatexpress

HTML
11
star
19

redteamguide

Home of https://redteam.guide
JavaScript
9
star
20

tools

Tools
1
star