Little exfil C# tool for compressing, encrypting, and uploading data to Dropbox. Works great using "execute-assembly" in Cobalt Strike.
https://github.com/P1CKLES/SharpBox
https://github.com/P1CKLES/SharpBox
GitHub
GitHub - P1CKLES/SharpBox: SharpBox is a C# tool for compressing, encrypting, and exfiltrating data to DropBox using the DropBox…
SharpBox is a C# tool for compressing, encrypting, and exfiltrating data to DropBox using the DropBox API. - GitHub - P1CKLES/SharpBox: SharpBox is a C# tool for compressing, encrypting, and exfil...
Reference Malleable C2 profile was just updated to take advantage of the latest #CobaltStrike 3.12 additions.
https://github.com/threatexpress/malleable-c2
https://github.com/threatexpress/malleable-c2
GitHub
GitHub - threatexpress/malleable-c2: Cobalt Strike Malleable C2 Design and Reference Guide
Cobalt Strike Malleable C2 Design and Reference Guide - threatexpress/malleable-c2
smbexec_psh.cna
1.4 KB
Had some problems with Cobalt Strike's psexec & mimikatz functions today, so was able to cobble together a solution to achieve psexec from one domain to another with Invoke-SMBExec.ps1
Command and Control via DNS over HTTPS (DoH) for Cobalt Strike
https://github.com/SpiderLabs/DoHC2
https://github.com/SpiderLabs/DoHC2
GitHub
GitHub - SpiderLabs/DoHC2: DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be…
DoHC2 allows the ExternalC2 library from Ryan Hanson (https://github.com/ryhanson/ExternalC2) to be leveraged for command and control (C2) via DNS over HTTPS (DoH). - SpiderLabs/DoHC2
Newest blog post talks about AggressorAssessor, a collection of Cobalt Strike Aggressor Scripts for all stages of the attack lifecycle, Automation and more!
https://www.fortynorthsecurity.com/aggressorassessor-and-automation/
https://www.fortynorthsecurity.com/aggressorassessor-and-automation/
FortyNorth Security Blog
AggressorAssessor - Cobalt Strike Aggressor Scripts
I (@ChrisTruncer) had the opportunity to speak at Wild West Hackin Fest last week along with Harley LeBeau (@r3dQu1nn) on a topic we called “Aggressive Autonomous Actions – Operating with Automation”. This was a talk that we have been working on for a few…
MSFRottenPotato built as a Reflective DLL.
https://github.com/realoriginal/reflectivepotato
https://github.com/realoriginal/reflectivepotato
How to use
Beacon has a hard-coded 1MB limit going back to 2012. It's so deeply baked in there I haven't made an attempt to move it upwards or build some sort of chunking mechanism for oversized tasks.
We've been using
execute-assembly with big C# payload?Beacon has a hard-coded 1MB limit going back to 2012. It's so deeply baked in there I haven't made an attempt to move it upwards or build some sort of chunking mechanism for oversized tasks.
We've been using
SharpCradle to get around that limitation, use assembly execution to pull in the smaller SharpCradle assembly in as an intermediate stage, which then turns around and pulls whatever larger assembly / .net project file you're looking for from a remote server.Web UI for creating C2 profiles for Cobalt Strike
https://github.com/hattmo/c2profilejs
https://github.com/hattmo/c2profilejs