Real profit
Just invest your time
Scan files or process memory for #Cobalt_Strike beacons and parse their configuration
https://github.com/Apr4h/CobaltStrikeScan

C2concealer is a command line tool that generates randomized C2 malleable profiles for use in #Cobalt_Strike
https://github.com/FortyNorthSecurity/C2concealer

#Cobalt_Strike Malleable C2 Profiles
A collection of profiles used in different projects using Cobalt Strike
https://github.com/xx0hcd/Malleable-C2-Profiles

Aggressor script that lists available #Cobalt_Strike beacon commands and colors them based on their type
https://github.com/outflanknl/HelpColor

Detect and respond to #Cobalt_Strike beacons using ETW
https://github.com/3lp4tr0n/BeaconHunter

Tool based on #Cobalt_Strike Parser from SentinelOne which can be used to spam a CobaltStrike server with fake beacons
https://github.com/hariomenkel/CobaltSpam

SourcePoint is a C2 profile generator for #Cobalt_Strike command and control servers designed to ensure evasion
https://github.com/Tylous/SourcePoint

Hunts out #Cobalt_Strike beacons and logs operator command output
https://github.com/CCob/BeaconEye

#Cobalt_Strike User-Defined Reflective Loader written in Assembly & C for advanced evasion capabilities
https://github.com/boku7/CobaltStrikeReflectiveLoader

#Cobalt_Strike Beacon configuration extractor and parser
https://github.com/threatexpress/random_c2_profile

#Cobalt_Strike C2 Reverse proxy that fends off Blue Teams, AVs, EDRs, scanners through packet inspection and malleable profile correlation
https://github.com/mgeeky/RedWarden

#Cobalt_Strike script for ScareCrow payloads (EDR/AV evasion)
https://github.com/GeorgePatsias/ScareCrow-CobaltStrike

Collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+
https://github.com/mgeeky/cobalt-arsenal

#Cobalt_Strike User-Defined Reflective Loader with AV/EDR Evasion in mind
https://github.com/mgeeky/ElusiveMice

#Cobalt_Strike Beacon configuration extractor and parser
https://github.com/strozfriedberg/cobaltstrike-config-extractor

#Cobalt_Strike Malleable C2 Design and Reference Guide
https://github.com/threatexpress/malleable-c2

A .NET Runtime for #Cobalt_Strike Beacon Object Files
https://github.com/CCob/BOF.NET

#Cobalt_Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG), BlockDll, and PPID spoofing
https://github.com/boku7/spawn

Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLLs
https://github.com/boku7/whereami

A #Cobalt_Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles
https://github.com/outflanknl/FindObjects-BOF

A Beacon Object File (BOF) for #Cobalt_Strike which uses direct system calls to enable WDigest credential caching
https://github.com/outflanknl/WdToggle

#Cobalt_Strike BOF - Bypass AMSI in a remote process with code injection
https://github.com/boku7/injectAmsiBypass

Pointer was developed for massive hunting and mapping #Cobalt_Strike servers exposed on the internet
https://github.com/shabarkin/pointer

#Cobalt_Strike Shellcode Generator
https://github.com/RCStep/CSSG

Loader for #Cobalt_Strike & Metasploit shellcode, implemented in Golang
https://github.com/zha0gongz1/DesertFox

Cobalt Strike Aggressor extension for Visual Studio Code
https://github.com/darkoperator/vscode-language-aggressor

An Ansible role for installing #Cobalt_Strike
https://github.com/cisagov/ansible-role-cobalt-strike

Convert #Cobalt_Strike profiles to IIS web.config files
https://github.com/bashexplode/cs2webconfig

#Cobalt_Strike decrypt
https://github.com/WBGlIl/CS_Decrypt

Detects Module Stomping as implemented by #Cobalt_Strike
https://github.com/slaeryan/DetectCobaltStomp

Toolset for researching malware and #Cobalt_Strike beacons
https://github.com/RomanEmelyanov/CobaltStrikeForensic

#Cobalt_Strike random C2 Profile generator
https://github.com/threatexpress/random_c2_profile

#Cobalt_Strike Aggressor Scripts
https://github.com/timwhitez/Cobalt-Strike-Aggressor-Scripts

Cobalt Strike beacon object file implementation for trusted path UAC bypass. The target executable will be called without involving "cmd.exe" by using a DCOM object
https://github.com/netero1010/TrustedPath-UACBypass-BOF

A list of JARM hashes for different SSL implementations used by some C2/red team tools
https://github.com/cedowens/C2-JARM

grab beacon config
https://github.com/whickey-r7/grab_beacon_config

The project is compiled based on the LandGrey/SpringBootVulExploit list. The purpose is to quickly exploit vulnerabilities during hvv and lower the threshold for exploiting vulnerabilities
https://github.com/0x727/SpringBootExploit

h2-jdbc(https://github.com/h2database/h2database/issues/3195) & mysql-jdbc(CVE-2021-2471) SQLXML XXE vulnerability reproduction
https://github.com/SecCoder-Security-Lab/jdbc-sqlxml-xxe

#Sliver is an open source cross-platform adversary emulation/red team framework; it can be used by organizations of all sizes to perform security testing. Sliver's implants support C2 over Mutual TLS (mTLS), WireGuard, HTTP(S), and DNS. Implants are dynamically compiled with unique X.509 certificates signed by a per-instance certificate authority generated when you first run the binary. Implants are supported on MacOS, Windows, and Linux (and possibly every Golang compiler target, but we've not tested them all)
https://github.com/BishopFox/sliver

#crawlergo A powerful browser crawler for web vulnerability scanners
https://github.com/Qianlitp/crawlergo

#ScareCrow Payload creation framework designed around EDR bypass
https://github.com/optiv/ScareCrow

#trojan-go The Trojan proxy implemented by Go supports multiplexing/routing functions/CDN relay/Shadowsocks obfuscation plug-in, multi-platform, no dependencies
https://github.com/p4gefau1t/trojan-go

#openvpn-install road warrior installer for Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS and Fedora
https://github.com/Nyr/openvpn-install

#wireguard-install road warrior installer for Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS and Fedora
https://github.com/Nyr/wireguard-install

Exploit for #CVE-2021-40449, a Windows LPE via a UAF in win32kfull!GreResetDCInternal
https://github.com/hakivvi/CVE-2021-40449

#Fugu14 Untethered iOS 14 Jailbreak
Supported Devices/iOS Versions: all arm64e devices (iPhone XS and newer) on iOS 14.3 - 14.5.1
https://github.com/LinusHenze/Fugu14

Vulnerability Scanner
Download #Nessus v8.15.2
https://www.tenable.com/downloads/nessus

#Thread_Stack_Spoofing PoC for an advanced in-memory evasion technique that better hides injected shellcode's memory allocation from scanners and analysts
https://github.com/mgeeky/ThreadStackSpoofer

#RustSCRunner Shellcode Runner/Injector in Rust using NTDLL functions directly with the ntapi Library
https://github.com/memN0ps/RustSCRunner

#CVE-2021-22005 - #VMWare vCenter Server File Upload to #RCE
https://github.com/r0ckysec/CVE-2021-22005