cobaltstrike – Telegram

cobaltstrike

2K subscribers

28 photos

1 video

18 files

559 links

All about Cobalt Strike. New versions, articles and more.

Download Telegram

About

Blog

Apps

Platform

MSI BOF LPE

https://www.mandiant.com/resources/blog/privileges-third-party-windows-installers

https://github.com/mandiant/msi-search

Google Cloud Blog

Escalating Privileges via Third-Party Windows Installers | Mandiant | Google Cloud Blog

3.0K views19:13

Run BOFs written for Cobalt Strike in Brute Ratel C4

https://blog.nviso.eu/2023/07/17/introducing-cs2br-pt-ii-one-tool-to-port-them-all/

https://github.com/NVISOsecurity/cs2br-bof

Introducing CS2BR pt. II – One tool to port them all

Introduction In the previous post of this series we showed why Brute Ratel C4 (BRC4) isn’t able to execute most BOFs that use the de-facto BOF API standard by Cobalt Strike (CS): BRC4 impleme…

5.9K views06:54

https://github.com/Octoberfest7/CVE-2023-36874_BOF

Weaponized CobaltStrike BOF for CVE-2023-36874 Windows Error Reporting LPE

GitHub - Octoberfest7/CVE-2023-36874_BOF: Weaponized CobaltStrike BOF for CVE-2023-36874 Windows Error Reporting LPE

Weaponized CobaltStrike BOF for CVE-2023-36874 Windows Error Reporting LPE - Octoberfest7/CVE-2023-36874_BOF

3.2K views04:58

Red Team C2 Log Visualization (include Cobalt Strike)

https://github.com/cisagov/RedEye

GitHub - cisagov/RedEye: RedEye is a visual analytic tool supporting Red & Blue Team operations

RedEye is a visual analytic tool supporting Red & Blue Team operations - cisagov/RedEye

3.4K views06:39

Cobalt Strike 4.9: Take Me To Your Loader

https://www.cobaltstrike.com/blog/cobalt-strike-49-take-me-to-your-loader

Cobalt Strike 4.9: Take Me To Your Loader | Cobalt Strike

Cobalt Strike 4.9 is live, with post-ex support for UDRLs, the ability to export Beacon without a loader, support for callbacks and more.

4.0K views05:47

Forwarded from VX-SH

arsenal-kit20230919.tgz

BooM 💥

3.7K views05:48

Taking a quick look at the new Aggressor callbacks in Cobalt Strike 4.9.

https://rastamouse.me/cobalt-strike-aggressor-callbacks/

3.6K views14:36

3.9K views12:00

BOFRYPTOR: ENCRYPTING YOUR BEACON DURING BOF EXECUTION TO AVOID MEMORY SCANNERS

https://github.com/securifybv/BOFRyptor

GitHub - securifybv/BOFRyptor

Contribute to securifybv/BOFRyptor development by creating an account on GitHub.

3.8K views14:24

Stealth redirector for your red team operation security

https://github.com/D00Movenok/BounceBack

GitHub - D00Movenok/BounceBack: ↕️🤫 Stealth redirector for your red team operation security

↕️🤫 Stealth redirector for your red team operation security - D00Movenok/BounceBack

3.9K views11:22

This media is not supported in your browser

VIEW IN TELEGRAM

4.3K views07:31

Create Reflective DLL for Cobalt Strike with GOLANG

https://sokarepo.github.io//redteam/2023/10/11/create-reflective-dll-for-cobaltstrike.html

Create Reflective DLL for Cobalt Strike

3.9K views07:45

NIM loader Cobalt Strike

https://github.com/yutianqaq/CSx3Ldr

GitHub - yutianqaq/CSx3Ldr: Cobalt Strike插件

Cobalt Strike插件. Contribute to yutianqaq/CSx3Ldr development by creating an account on GitHub.

3.3K views12:21

Creating Object File Monstrosities with Sleep Mask and LLVM

The Mutator kit is now part of the Cobalt Strike Arsenal Kit. It allows you to mutate BOFs, sleep masks and more with LLVM.

🔗 https://www.cobaltstrike.com/blog/introducing-the-mutator-kit-creating-object-file-monstrosities-with-sleep-mask-and-llvm

Introducing the Mutator Kit: Creating Object File Monstrosities with Sleep Mask and LLVM

This blog introduces the mutator kit, which uses an LLVM obfuscator to break in-memory YARA scanning of the sleep mask.

4.0K views11:07

https://github.com/Crypt0s/DelegationBOF

GitHub - Crypt0s/DelegationBOF

Contribute to Crypt0s/DelegationBOF development by creating an account on GitHub.

4.0K views06:49

https://github.com/Tw1sm/SQL-BOF

GitHub - Tw1sm/SQL-BOF: Library of BOFs to interact with SQL servers

Library of BOFs to interact with SQL servers. Contribute to Tw1sm/SQL-BOF development by creating an account on GitHub.

4.0K views09:17

Injecting Malicious Code into PDF Files and PDF Dropper Creation

https://cti.monster/blog/2024/07/25/pdfdropper.html

Injecting Malicious Code into PDF Files and PDF Dropper Creation

3.0K views14:31

DojoLoader — Generic PE Loader for Prototyping Evasion Techniques

This is a versatile PE loader designed for prototyping evasion techniques. It supports downloading and executing encrypted shellcode, dynamic IAT hooking, and three Sleep obfuscation methods. Ideal for use with UDRL-less Beacon payloads from Cobalt Strike.

Blog Post:
https://www.naksyn.com/cobalt%20strike/2024/07/02/raising-beacons-without-UDRLs-teaching-how-to-sleep.html

Source:
https://github.com/naksyn/DojoLoader

#cobaltstrike #udrl #memory #evasion

Naksyn’s blog

Raising Beacons without UDRLs and Teaching them How to Sleep

UDRLs and prepended loaders aren’t the only way to execute a raw payload and get a direct hooking in place. In the case of Cobalt Strike, a generic PE loader can be tweaked to execute an UDRL-less Beacon and get direct hooking for an easier prototyping of…

3.1K views12:49

NtDumpBOF

BOF port of the tool NativeDump which dump lsass using only Native APIs

3.0K views06:19

https://github.com/b3nguang/CS-Dingtalk-Bot

GitHub - b3nguang/CS-Dingtalk-Bot: Cobalt Strike 钉钉机器人上线提醒

Cobalt Strike 钉钉机器人上线提醒. Contribute to b3nguang/CS-Dingtalk-Bot development by creating an account on GitHub.

2.8K views16:45