Reference Malleable C2 profile was just updated to take advantage of the latest #CobaltStrike 3.12 additions.
https://github.com/threatexpress/malleable-c2
GitHub - threatexpress/malleable-c2: Cobalt Strike Malleable C2 Design and Reference Guide
APTSimulator 0.9.0 featuring #CobaltStrike beacon activity simulation with
- NamedPipe Creation
- Service installation & exec pattern
- HTTP beaconing
https://github.com/NextronSystems/APTSimulator/releases/tag/0.9.0
Release APT Simulator Version 0.9.0 · NextronSystems/APTSimulator
Cobalt Strike beacon activity simulation including: Default Named Pipes, Service creation during GetSystem, HTTP Beaconing
Slightly changed @SentinelOne CobaltStrikeParser to flood #CobaltStrike servers with fake beacons
https://github.com/hariomenkel/CobaltSpam
Tool based on CobaltStrikeParser from SentinelOne which can be used to spam a CobaltStrike server with fake beacons - NexusFuzzy/CobaltSpam
CoffLoader
It's just an implementation of an in-house CoffLoader supporting #CobaltStrike standard BOF and BSS initialized variables.
Look at the main.c file to change the BOF and its parameters. Cobalt Strike handles the BOF parameter in a special way; the Arg structure is here to pass parameters more easily.
https://github.com/OtterHacker/CoffLoader
DojoLoader — Generic PE Loader for Prototyping Evasion Techniques
This is a versatile PE loader designed for prototyping evasion techniques. It supports downloading and executing encrypted shellcode, dynamic IAT hooking, and three Sleep obfuscation methods. Ideal for use with UDRL-less Beacon payloads from Cobalt Strike.
Blog Post:
https://www.naksyn.com/cobalt%20strike/2024/07/02/raising-beacons-without-UDRLs-teaching-how-to-sleep.html
Source:
https://github.com/naksyn/DojoLoader
#cobaltstrike #udrl #memory #evasion
Naksyn’s blog
Raising Beacons without UDRLs and Teaching them How to Sleep
UDRLs and prepended loaders aren’t the only way to execute a raw payload and get a direct hooking in place. In the case of Cobalt Strike, a generic PE loader can be tweaked to execute an UDRL-less Beacon and get direct hooking for an easier prototyping of…
Cobalt Strike 4.11: Shhhhhh, Beacon is Sleeping….
#cobaltstrike
Cobalt Strike 4.11 is now available. This release introduces a novel Sleepmask, a novel process injection technique, new out-of-the-box obfuscation options for Beacon, asynchronous BOFs, and a DNS over HTTPS (DoH) Beacon. Additionally, we have overhauled Beacon’s reflective loader and there are numerous QoL updates. Out-of-the-Box Evasion Overhaul The focus of this release (and the [...]
via Cobalt Strike Blog (author: William Burgess)