[Google translation from Chinese original text]
This is a collection of excellent CobaltStrike content, including excellent resource tools or excellent project codes. Most of the tools in this project do not detect whether there is a backdoor, so they must be run under a virtual machine. The CobaltStrike idea is an improvement for attackers. Author: 0e0w
This project was created on August 3, 2021. The last update was on August 4, 2023.
- 01-CobaltStrike resources
- 02-CobaltStrike program
- 03-CobaltStrike functions
- 04-CobaltStrike extensions
- 05-CobaltStrike Research
- 06-CobaltStrike Modification
- 07-CobaltStrike Anti-Kill
- 08-CobaltStrike Reference
- https://github.com/search?q=CobaltStrike
- https://github.com/topics/cobalt-strike
- https://github.com/topics/cobaltstrike
- Official Manual
- Basic Tutorial
-
Video Tutorial
-
Other resources
- https://github.com/S1ckB0y1337/Cobalt-Strike-CheatSheet
- https://github.com/cisagov/ansible-role-cobalt-strike
- https://github.com/hattmo/c2profilejs
- https://github.com/jan-call/Cobaltstrike-Plugins
- https://github.com/REW-sploit/REW-sploit
- https://github.com/geemion/Khepri
- 【Knowledge Review】Cobalt Strike 4.0 Certification and patching process
- CobaltStrike4.0 Hook-free brute force Cracked License idea
- https://github.com/Tw1sm/HTTPS-MalleableC2-Config
- https://github.com/bashexplode/cs2webconfig
- https://github.com/MichaelKoczwara/Awesome-CobaltStrike-Defence
- https://github.com/cisagov/teamserver-packer
- https://github.com/Cerbersec/DomainBorrowingC2
- https://thedfirreport.com/2021/08/29/cobalt-strike-a-defenders-guide/
- https://github.com/XRSec/Docker-CobaltStrike
- https://wbglil.gitbook.io/cobalt-strike
- https://github.com/akkuman/EvilEye
- https://github.com/wsummerhill/CobaltStrike_RedTeam_CheatSheet
- https://github.com/splunk/melting-cobalt
- https://github.com/AlphabugX/csOnvps
- https://github.com/warhorse/ansible-role-cobaltstrike-docker
- https://github.com/kluo84/CS-notes
- https://github.com/lovechoudoufu/cobaltstrike4.4_cdf
- https://www.anquanke.com/post/id/269539
- https://github.com/rmartinsanta/cs-dns-parser
- https://github.com/outflanknl/C2-Tool-Collection
- https://xz.aliyun.com/t/11404
- https://tttang.com/archive/1631
- https://xz.aliyun.com/t/11508
- https://tttang.com/archive/1662
- https://bbs.pediy.com/thread-273749.htm
- https://www.anquanke.com/post/id/278690
- https://xz.aliyun.com/t/11662
- https://github.com/XXC385/Cobalt-Strike-Start
- https://www.anquanke.com/post/id/285270
- https://xz.aliyun.com/t/12094
- https://www.secpulse.com/archives/196736.html
- https://github.com/zer0yu/Awesome-CobaltStrike IV. BOFs: Beacon Object Files
- https://github.com/BOFs/BOFs
- https://github.com/Cerbersec/KillDefenderBOF V. Aggressor Scripts
- https://github.com/topics/aggressor
- https://github.com/001SPARTaN/aggressor_scripts
- https://github.com/0x727/AggressorScripts_0x727
- https://github.com/harleyQu1nn/AggressorScripts
- https://github.com/bluscreenofjeff/AggressorScripts
- https://github.com/jordanpotti/opsec-aggressor
- https://github.com/mgeeky/cobalt-arsenal
- https://github.com/Cobalt-Strike/beacon_health_check
- https://github.com/RCStep/CSSG
- https://github.com/Verizon/redshell
- https://github.com/EspressoCake/Aggressor_Scripts
- https://github.com/darkoperator/vscode-language-aggressor
- https://github.com/threatexpress/cobaltstrike_payload_generator
- https://github.com/outflanknl/HelpColor
- https://github.com/capt-meelo/Beaconator
- https://github.com/NVISOsecurity/cobalt-strike-notifier
- https://github.com/FortyNorthSecurity/AggressorAssessor
- https://github.com/outflanknl/Dumpert
- https://github.com/killswitch-GUI/CobaltStrike-ToolKit
- https://github.com/Und3rf10w/Aggressor-scripts
- https://github.com/vysecurity/Aggressor-VYSEC
- https://github.com/rasta-mouse/Aggressor-Script
- https://github.com/422926799/csplugin
- https://github.com/Peco602/cobaltstrike-aggressor-scripts
- Online reminder
- CS_Mail_Tip
- WeChatPush
- https://github.com/Daybr4ak/C2ReverseProxy
- https://github.com/teamssix/dingding_cs_notice
- https://github.com/lintstar/CS-PushPlus
- https://github.com/lintstar/CS-ServerChan
- Persistent online
- https://github.com/0xthirteen/StayKit
- https://github.com/TheKingOfDuck/XSS-Fishing2-CS
- https://github.com/yanghaoi/CobaltStrike_CNA
- https://github.com/improsec/SharpEventPersist
- https://github.com/Richard-Tang/Tomcat2CS
- Virtual online
- https://github.com/Doneone/happy_cs
- Privilege escalation
- weichi
- ElevateKit
- Aggressor-Script
- SweetPotato_CS
- Vulnerability Scanning
- CVE-2018-4878
- CVE-2020-0796
- MS17-010
- Traffic Tunneling
- UploadAndRunFrp
- https://github.com/m3rcer/Chisel-Strike
- Trace Cleanup
- EventLogMaster
- Phant0m_cobaltstrike
- Near-source attack
- https://github.com/AdminTest0/badusb_cobaltstrike VI. Kit
- 神器獬廌
- https://github.com/Te-k/cobaltstrike
- https://github.com/S1ckB0y1337/Cobalt-Strike-CheatSheet
- https://github.com/RedXRanger/StageStrike
- https://github.com/outflanknl/Zipper
- https://github.com/Ridter/CS_Chinese_support
- https://github.com/0xthirteen/MoveKit
- https://github.com/SecIdiot/Beacon
- https://github.com/xx0hcd/Malleable-C2-Profiles
- https://github.com/Ridter/cs_custom_404
- https://github.com/nccgroup/pybeacon
- https://github.com/Skactor/cs-scripts
- https://www.svenbeast.com/post/ny5NkDd40
- https://github.com/j5s/Automatic-permission-maintenance
- https://github.com/mgeeky/RedWarden
- https://github.com/Lz1y/GECC
- https://github.com/Daybr4ak/C2ReverseProxy
- https://github.com/Twi1ight/CSAgent
- https://github.com/ORCA666/Cobalt-Wipe
- https://github.com/xorrior/raven
- https://github.com/xinbailu/TiEtwAgent
- https://github.com/GeorgePatsias/ScareCro
- https://github.com/burpheart/CS_mock
- https://github.com/huoji120/CobaltStrikeDetected
- https://github.com/Mikasazero/Cobalt-Strike
- https://github.com/D1sAbl4/samdump
- https://github.com/ASkyeye/CobaltPatch
- https://github.com/boku7/halosgate-ps
- https://github.com/CCob/BeaconEye
- https://github.com/Sentinel-One/CobaltStrikeParser
- https://github.com/hariomenkel/CobaltSpam
- https://github.com/cisagov/ansible-role-cobalt-strike
- https://github.com/dcsync/pycobalt
- https://github.com/optiv/Registry-Recon
- https://github.com/wgpsec/Automatic-permission-maintenance
- https://github.com/Kara-4search/APC_ShellcodeExecution_CSharp
- https://github.com/fitzgeralddaniel/HTTP_File_Covert_Channel
- https://github.com/med0x2e/SigFlip
- https://github.com/mstxq17/CVE-2021-1675_RDL_LPE
- https://github.com/CPO-EH/SharpZeroLogon
- https://github.com/wikiZ/service_cobaltstrike
- https://github.com/chryzsh/ansible-role-cobalt-strike
- https://github.com/kingz40o/Aggressor_dingding
- https://github.com/howmp/CobaltStrikeDetect
- https://github.com/JUICY00000/HellLoader
- https://github.com/Peithon/JustC2file
- https://github.com/Yihsiwei/SearchForCS
- https://github.com/hlldz/Phant0m
- https://github.com/JDArmy/RPCSCAN
- https://github.com/Cracked5pider/KaynStrike
- https://github.com/kyleavery/AceLdr
- https://github.com/matthieu-hackwitharts/UnhookMe
- https://github.com/ScriptIdiot/BOF-patchit
- https://github.com/nopbrick/SeeProxy
- https://github.com/WKL-Sec/HiddenDesktop
- https://github.com/mertdas/PrivKit
I. Reverse Analysis
II. Source Code Reading
III. Program Features
Why do we need to modify the program? What contents need to be modified? How to modify the program?
-
Feature modification
-
Traffic anti-killing
-
Function addition
-
Other magic changes
- https://mp.weixin.qq.com/s/AePKPUDnBUr4WbJqvPCleg
- https://github.com/Yang0615777/SecondaryDevCobaltStrike
- https://github.com/mai1zhi2/SharpBeacon
- https://github.com/HKirito/GoogleAuth
- https://github.com/Cobalt-Strike/sleep_python_bridge
- https://github.com/bestspear/SharkOne
- Traffic anti-killing
- Online anti-killing
- https://github.com/0e0w/BypassAV
- https://github.com/hack2fun/BypassAV
- https://github.com/Cliov/Arsenal
- https://github.com/Gality369/CS-Loader
- https://github.com/timwhitez/Doge-Loader
- https://paper.seebug.org/1349/
- https://github.com/t3hbb/NSGenCS
- https://github.com/GeorgePatsias/ScareCrow-CobaltStrike
- https://wiki.ioin.in/url/G7PK
- https://github.com/novysodope/Myloader
[Chinese Original Text]
这里记录收集优秀的CobaltStrike内容,包括优秀的资源工具或优秀的项目代码等。本项目大部分工具都未检测是否存在后门,务必在虚拟机下运行。CobaltStrike思想是攻击者的进步。作者:0e0w
本项目创建时间为2021年8月3日。最近的一次更新时间为2023年8月4日。
- 01-CobaltStrike资源
- 02-CobaltStrike程序
- 03-CobaltStrike功能
- 04-CobaltStrike扩展
- 05-CobaltStrike研究
- 06-CobaltStrike魔改
- 07-CobaltStrike免杀
- 08-CobaltStrike参考
- https://github.com/search?q=CobaltStrike
- https://github.com/topics/cobalt-strike
- https://github.com/topics/cobaltstrike
一、官方手册
二、基础教程
三、视频教程
四、其他资源
- https://github.com/S1ckB0y1337/Cobalt-Strike-CheatSheet
- https://github.com/cisagov/ansible-role-cobalt-strike
- https://github.com/hattmo/c2profilejs
- https://github.com/jan-call/Cobaltstrike-Plugins
- https://github.com/REW-sploit/REW-sploit
- https://github.com/geemion/Khepri
- 【知识回顾】Cobalt Strike 4.0 认证及修补过程
- CobaltStrike4.0无Hook蛮力Cracked License思路
- https://github.com/Tw1sm/HTTPS-MalleableC2-Config
- https://github.com/bashexplode/cs2webconfig
- https://github.com/MichaelKoczwara/Awesome-CobaltStrike-Defence
- https://github.com/cisagov/teamserver-packer
- https://github.com/Cerbersec/DomainBorrowingC2
- https://thedfirreport.com/2021/08/29/cobalt-strike-a-defenders-guide/
- https://github.com/XRSec/Docker-CobaltStrike
- https://wbglil.gitbook.io/cobalt-strike
- https://github.com/akkuman/EvilEye
- https://github.com/wsummerhill/CobaltStrike_RedTeam_CheatSheet
- https://github.com/splunk/melting-cobalt
- https://github.com/AlphabugX/csOnvps
- https://github.com/warhorse/ansible-role-cobaltstrike-docker
- https://github.com/kluo84/CS-notes
- https://github.com/lovechoudoufu/cobaltstrike4.4_cdf
- https://www.anquanke.com/post/id/269539
- https://github.com/rmartinsanta/cs-dns-parser
- https://github.com/outflanknl/C2-Tool-Collection
- https://xz.aliyun.com/t/11404
- https://tttang.com/archive/1631
- https://xz.aliyun.com/t/11508
- https://tttang.com/archive/1662
- https://bbs.pediy.com/thread-273749.htm
- https://www.anquanke.com/post/id/278690
- https://xz.aliyun.com/t/11662
- https://github.com/XXC385/Cobalt-Strike-Start
- https://www.anquanke.com/post/id/285270
- https://xz.aliyun.com/t/12094
- https://www.secpulse.com/archives/196736.html
- https://github.com/zer0yu/Awesome-CobaltStrike
- https://www.cobaltstrike.com/aggressor-script/index.html
- https://payloads.online/archivers/2020-03-02/4/
- http://sleep.dashnine.org/manual/
- https://github.com/Cobalt-Strike/community_kit
- https://cobalt-strike.github.io/community_kit
一、Malleable-C2
- https://github.com/Tylous/SourcePoint
- https://github.com/FortyNorthSecurity/C2concealer
- https://github.com/threatexpress/malleable-c2
- https://github.com/vestjoe/cobaltstrike_services
- https://github.com/threatexpress/cs2modrewrite
- https://github.com/Cobalt-Strike/Malleable-C2-Profiles
- https://github.com/rsmudge/Malleable-C2-Profiles
- https://github.com/threatexpress/random_c2_profile
- https://github.com/BC-SECURITY/Malleable-C2-Profiles
- https://github.com/D00Movenok/goMalleable
- https://github.com/Peithon/JustC2file
二、External-C2
- https://github.com/Und3rf10w/external_c2_framework
- https://github.com/mdsecactivebreach/Browser-ExternalC2
- https://github.com/SpiderLabs/DoHC2
- https://github.com/outflanknl/external_c2
- https://github.com/rasta-mouse/ExternalC2.NET
- https://github.com/Flangvik/CobaltBus
- https://github.com/wikiZ/RedGuard
三、UDRL:User Defined Reflective Loader
- https://github.com/mgeeky/ElusiveMice
- https://github.com/SecIdiot/TitanLdr
- https://github.com/boku7/CobaltStrikeReflectiveLoader
四、BOFs:Beacon Object Files
五、Aggressor Scripts
- https://github.com/topics/aggressor
- https://github.com/001SPARTaN/aggressor_scripts
- https://github.com/0x727/AggressorScripts_0x727
- https://github.com/harleyQu1nn/AggressorScripts
- https://github.com/bluscreenofjeff/AggressorScripts
- https://github.com/jordanpotti/opsec-aggressor
- https://github.com/mgeeky/cobalt-arsenal
- https://github.com/Cobalt-Strike/beacon_health_check
- https://github.com/RCStep/CSSG
- https://github.com/Verizon/redshell
- https://github.com/EspressoCake/Aggressor_Scripts
- https://github.com/darkoperator/vscode-language-aggressor
- https://github.com/threatexpress/cobaltstrike_payload_generator
- https://github.com/outflanknl/HelpColor
- https://github.com/capt-meelo/Beaconator
- https://github.com/NVISOsecurity/cobalt-strike-notifier
- https://github.com/FortyNorthSecurity/AggressorAssessor
- https://github.com/outflanknl/Dumpert
- https://github.com/killswitch-GUI/CobaltStrike-ToolKit
- https://github.com/Und3rf10w/Aggressor-scripts
- https://github.com/vysecurity/Aggressor-VYSEC
- https://github.com/rasta-mouse/Aggressor-Script
- https://github.com/422926799/csplugin
- https://github.com/Peco602/cobaltstrike-aggressor-scripts
- 上线提醒
- CS_Mail_Tip
- WeChatPush
- https://github.com/Daybr4ak/C2ReverseProxy
- https://github.com/teamssix/dingding_cs_notice
- https://github.com/lintstar/CS-PushPlus
- https://github.com/lintstar/CS-ServerChan
- 持久上线
- https://github.com/0xthirteen/StayKit
- https://github.com/TheKingOfDuck/XSS-Fishing2-CS
- https://github.com/yanghaoi/CobaltStrike_CNA
- https://github.com/improsec/SharpEventPersist
- https://github.com/Richard-Tang/Tomcat2CS
- 虚拟上线
- https://github.com/Doneone/happy_cs
- 权限提升
- weichi
- ElevateKit
- Aggressor-Script
- SweetPotato_CS
- 漏洞扫描
- CVE-2018-4878
- CVE-2020-0796
- MS17-010
- 流量隧道
- UploadAndRunFrp
- https://github.com/m3rcer/Chisel-Strike
- 痕迹清理
- EventLogMaster
- Phant0m_cobaltstrike
- 近源攻击
- https://github.com/AdminTest0/badusb_cobaltstrike
六、Kit
- 神器獬廌
- 梼杌
- LSTAR
- Erebus
- 巨龙拉冬
- Ladon
- CrossC2
- CrossC2Kit
- https://github.com/darkr4y/geacon
- https://github.com/RedTeamWing/WingKit
- Cobalt-Strike-Aggressor-Scripts
- https://github.com/wafinfo/cobaltstrike
- https://github.com/Adminisme/ServerScan
- https://github.com/SeaOf0/CSplugins
- https://github.com/k1d0ne/cobaltstrike_plugin
- https://github.com/9bie/Slacker
七、其他内容
- https://github.com/bitsadmin/nopowershell
- https://github.com/vysecurity/ANGRYPUPPY
- https://github.com/TheKingOfDuck/XSS-Fishing2-CS
- https://github.com/timwhitez/XSS-Phishing
- https://github.com/alphaSeclab/cobalt-strike
- https://github.com/bitsadmin/fakelogonscreen
- https://github.com/Al1ex/CSPlugins
- https://github.com/josephkingstone/cobalt_strike_extension_kit
- https://github.com/isafe/cobaltstrike_brute
- https://github.com/ryanohoro/csbruter
- https://github.com/1135/1135-CobaltStrike-ToolKit
- https://github.com/cube0x0/SharpeningCobaltStrike
- https://github.com/Cliov/Arsenal
- https://github.com/outflanknl/Zipper
- https://github.com/outflanknl/Spray-AD
- https://github.com/Apr4h/CobaltStrikeScan
- https://github.com/SecIdiot/CobaltPatch
- https://github.com/Rvn0xsy/Cobaltstrike-atexec
- https://github.com/aleenzz/Cobalt_Strike_wiki
- https://teamssix.com/year/201023-192553.html
- https://github.com/Lz1y/SyncDog
- https://github.com/Freakboy/CobaltStrike
- https://github.com/Daybr4ak/C2ReverseProxy
- https://github.com/rasta-mouse/Aggressor-Script
- https://github.com/EncodeGroup/AggressiveGadgetToJScript
- https://github.com/bytecod3r/Cobaltstrike-Aggressor-Scripts-Collection
- https://github.com/Sifter-Ex/cPlug
- https://github.com/rsmudge/cortana-scripts
- https://github.com/dcsync/pycobalt
- https://github.com/uknowsec/SharpToolsAggressor
- https://www.cnblogs.com/backlion/p/14000269.html
- https://github.com/hayasec/360SafeBrowsergetpass
- https://github.com/S1ckB0y1337/Cobalt-Strike-CheatSheet
- https://github.com/sk3w/beacon-object-files
- https://xz.aliyun.com/t/8557
- https://www.freebuf.com/articles/web/255876.html
- https://github.com/Ridter/cs_custom_404
- https://github.com/medasz/CobaltStrike4.0
- https://github.com/c1y2m3/FileSearch
- https://github.com/bopin2020/NetUser
- https://github.com/qigpig/bypass-beacon-config-scan
- https://github.com/slaeryan/DetectCobaltStomp
- https://github.com/breakid/SharpUtils
- https://github.com/rmikehodges/cs-ssl-gen
- https://github.com/Rvn0xsy/Cobaltstrike-atexec
- https://github.com/z1un/Z1-AggressorScripts
- https://github.com/Te-k/cobaltstrike
- https://github.com/S1ckB0y1337/Cobalt-Strike-CheatSheet
- https://github.com/RedXRanger/StageStrike
- https://github.com/outflanknl/Zipper
- https://github.com/Ridter/CS_Chinese_support
- https://github.com/0xthirteen/MoveKit
- https://github.com/SecIdiot/Beacon
- https://github.com/xx0hcd/Malleable-C2-Profiles
- https://github.com/Ridter/cs_custom_404
- https://github.com/nccgroup/pybeacon
- https://github.com/Skactor/cs-scripts
- https://www.svenbeast.com/post/ny5NkDd40
- https://github.com/j5s/Automatic-permission-maintenance
- https://github.com/mgeeky/RedWarden
- https://github.com/Lz1y/GECC
- https://github.com/Daybr4ak/C2ReverseProxy
- https://github.com/Twi1ight/CSAgent
- https://github.com/ORCA666/Cobalt-Wipe
- https://github.com/xorrior/raven
- https://github.com/xinbailu/TiEtwAgent
- https://github.com/GeorgePatsias/ScareCro
- https://github.com/burpheart/CS_mock
- https://github.com/huoji120/CobaltStrikeDetected
- https://github.com/Mikasazero/Cobalt-Strike
- https://github.com/D1sAbl4/samdump
- https://github.com/ASkyeye/CobaltPatch
- https://github.com/boku7/halosgate-ps
- https://github.com/CCob/BeaconEye
- https://github.com/Sentinel-One/CobaltStrikeParser
- https://github.com/hariomenkel/CobaltSpam
- https://github.com/cisagov/ansible-role-cobalt-strike
- https://github.com/dcsync/pycobalt
- https://github.com/optiv/Registry-Recon
- https://github.com/wgpsec/Automatic-permission-maintenance
- https://github.com/Kara-4search/APC_ShellcodeExecution_CSharp
- https://github.com/fitzgeralddaniel/HTTP_File_Covert_Channel
- https://github.com/med0x2e/SigFlip
- https://github.com/mstxq17/CVE-2021-1675_RDL_LPE
- https://github.com/CPO-EH/SharpZeroLogon
- https://github.com/wikiZ/service_cobaltstrike
- https://github.com/chryzsh/ansible-role-cobalt-strike
- https://github.com/kingz40o/Aggressor_dingding
- https://github.com/howmp/CobaltStrikeDetect
- https://github.com/JUICY00000/HellLoader
- https://github.com/Peithon/JustC2file
- https://github.com/Yihsiwei/SearchForCS
- https://github.com/hlldz/Phant0m
- https://github.com/JDArmy/RPCSCAN
- https://github.com/Cracked5pider/KaynStrike
- https://github.com/kyleavery/AceLdr
- https://github.com/matthieu-hackwitharts/UnhookMe
- https://github.com/ScriptIdiot/BOF-patchit
- https://github.com/nopbrick/SeeProxy
- https://github.com/WKL-Sec/HiddenDesktop
- https://github.com/mertdas/PrivKit
一、逆向分析
二、源码阅读
三、程序特征
为什么需要魔改?需要魔改那些内容?如何进行程序魔改?
一、特征修改
二、流量免杀
三、功能添加
四、其他魔改
- https://mp.weixin.qq.com/s/AePKPUDnBUr4WbJqvPCleg
- https://github.com/Yang0615777/SecondaryDevCobaltStrike
- https://github.com/mai1zhi2/SharpBeacon
- https://github.com/HKirito/GoogleAuth
- https://github.com/Cobalt-Strike/sleep_python_bridge
- https://github.com/bestspear/SharkOne
一、流量免杀
二、上线免杀
- https://github.com/0e0w/BypassAV
- https://github.com/hack2fun/BypassAV
- https://github.com/Cliov/Arsenal
- https://github.com/Gality369/CS-Loader
- https://github.com/timwhitez/Doge-Loader
- https://paper.seebug.org/1349/
- https://github.com/t3hbb/NSGenCS
- https://github.com/GeorgePatsias/ScareCrow-CobaltStrike
- https://wiki.ioin.in/url/G7PK
- https://github.com/novysodope/Myloader