charlotte – fully undetected shellcode launcher
#shellcode #msfvenom #XOR #ShellcodeLauncher #CobaltStrike #Payload
https://reconshell.com/charlotte-fully-undetected-shellcode-launcher/
#shellcode #msfvenom #XOR #ShellcodeLauncher #CobaltStrike #Payload
https://reconshell.com/charlotte-fully-undetected-shellcode-launcher/
C3
Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.
https://github.com/FSecureLABS/C3
#c2 #cobaltstrike #redteam
Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.
https://github.com/FSecureLABS/C3
#c2 #cobaltstrike #redteam
GitHub
GitHub - ReversecLabs/C3: Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still…
Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits. - ReversecLabs/C3
InlineWhispers2
Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2
https://github.com/Sh0ckFR/InlineWhispers2
#cobaltstrike #BOF #syswhispers
Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2
https://github.com/Sh0ckFR/InlineWhispers2
#cobaltstrike #BOF #syswhispers
GitHub
GitHub - Sh0ckFR/InlineWhispers2: Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2
Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2 - Sh0ckFR/InlineWhispers2
Cobalt-Clip
Cobalt-clip is clipboard addons for Cobalt Strike to interact with clipboard. With this you can dump, edit and monitor the content of clipboard.
https://github.com/DallasFR/Cobalt-Clip
#cobaltstrike #clipboard #dump
Cobalt-clip is clipboard addons for Cobalt Strike to interact with clipboard. With this you can dump, edit and monitor the content of clipboard.
https://github.com/DallasFR/Cobalt-Clip
#cobaltstrike #clipboard #dump
Cobalt Strike, a Defender’s Guide
In this research, exposes adversarial Tactics, Techniques and Procedures (TTPs) as well as the tools use to execute mission objectives. In most of cases, the threat actors utilizing Cobalt Strike. Therefore, defenders should know how to detect Cobalt Strike in various stages of its execution. The primary purpose of this articles is to expose the most common techniques from the intrusions track and provide detections. Having said that, not all of Cobalt Strike’s features will be discussed.
# https://thedfirreport.com/2021/08/29/cobalt-strike-a-defenders-guide/
# https://thedfirreport.com/2022/01/24/cobalt-strike-a-defenders-guide-part-2/
#cobaltstrike #research #blueteam
In this research, exposes adversarial Tactics, Techniques and Procedures (TTPs) as well as the tools use to execute mission objectives. In most of cases, the threat actors utilizing Cobalt Strike. Therefore, defenders should know how to detect Cobalt Strike in various stages of its execution. The primary purpose of this articles is to expose the most common techniques from the intrusions track and provide detections. Having said that, not all of Cobalt Strike’s features will be discussed.
# https://thedfirreport.com/2021/08/29/cobalt-strike-a-defenders-guide/
# https://thedfirreport.com/2022/01/24/cobalt-strike-a-defenders-guide-part-2/
#cobaltstrike #research #blueteam
🛠️ Cobalt Strike and BloodHound Integration
PyCobaltHound is an Aggressor script, an extension to CobaltStrike that allows you to integrate with BloodHound so that you can request and receive reports from the same interface.
Features:
— Automatically querying the BloodHound database to discover escalation paths opened up by newly collected credentials.
— Automatically marking compromised users and computers as owned.
— Allowing operators to quickly and easily investigate the escalation potential of beacon sessions and users.
https://github.com/NVISOsecurity/pyCobaltHound
#cobaltstrike #bloodhound #redteam
PyCobaltHound is an Aggressor script, an extension to CobaltStrike that allows you to integrate with BloodHound so that you can request and receive reports from the same interface.
Features:
— Automatically querying the BloodHound database to discover escalation paths opened up by newly collected credentials.
— Automatically marking compromised users and computers as owned.
— Allowing operators to quickly and easily investigate the escalation potential of beacon sessions and users.
https://github.com/NVISOsecurity/pyCobaltHound
#cobaltstrike #bloodhound #redteam
🔥6👍1
This media is not supported in your browser
VIEW IN TELEGRAM
🧦 Chisel Strike
A .NET XOR encrypted cobalt strike aggressor implementation for chisel to utilize faster proxy and advanced socks5 capabilities.
https://github.com/m3rcer/Chisel-Strike
#cobaltstrike #socks #proxy #redteam
A .NET XOR encrypted cobalt strike aggressor implementation for chisel to utilize faster proxy and advanced socks5 capabilities.
https://github.com/m3rcer/Chisel-Strike
#cobaltstrike #socks #proxy #redteam
🔥4👎1
⚙️ Hackers No Hashing: Randomizing API Hashes to Evade Cobalt Strike Shellcode Detection
If you utilise API hashing in your malware or offensive security tooling. Try rotating your API hashes. This can have a significant impact on detection rates and improve your chances of remaining undetected by AV/EDR.
Blog:
https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
Source:
https://github.com/matthewB-huntress/APIHashReplace
#maldev #evasion #hinvoke #cobaltstrike #redteam
If you utilise API hashing in your malware or offensive security tooling. Try rotating your API hashes. This can have a significant impact on detection rates and improve your chances of remaining undetected by AV/EDR.
Blog:
https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection
Source:
https://github.com/matthewB-huntress/APIHashReplace
#maldev #evasion #hinvoke #cobaltstrike #redteam
🔥7👍3
🦾 SharpTerminatator
Terminate AV/EDR Processes using kernel driver. SharpTerminatator is a C# port of ZeroMemoryEx's art piece called Terminator. It can be used with Cobalt Strike's execute-assembly or as a standalone executable.
https://github.com/mertdas/SharpTerminator
#av #edr #cobaltstrike #csharp
Terminate AV/EDR Processes using kernel driver. SharpTerminatator is a C# port of ZeroMemoryEx's art piece called Terminator. It can be used with Cobalt Strike's execute-assembly or as a standalone executable.
https://github.com/mertdas/SharpTerminator
#av #edr #cobaltstrike #csharp
🔥3
🎭 BOFMask
BOFMask is a tool designed to conceal Cobalt Strike's Beacon payload while executing a Beacon Object File (BOF). By applying a XOR mask and modifying memory protection settings, BOFMask enables users to execute BOFs without exposing Beacon, thereby avoiding detection by EDR products that scan system memory.
Research:
https://securityintelligence.com/posts/how-to-hide-beacon-during-bof-execution/
Source:
https://github.com/xforcered/bofmask
#cobaltstrike #bof #sleepmask #redteam
BOFMask is a tool designed to conceal Cobalt Strike's Beacon payload while executing a Beacon Object File (BOF). By applying a XOR mask and modifying memory protection settings, BOFMask enables users to execute BOFs without exposing Beacon, thereby avoiding detection by EDR products that scan system memory.
Research:
https://securityintelligence.com/posts/how-to-hide-beacon-during-bof-execution/
Source:
https://github.com/xforcered/bofmask
#cobaltstrike #bof #sleepmask #redteam
Security Intelligence
Your BOFs are gross, put on a mask: How to hide beacon during BOF execution
Explore a simple technique developed to encrypt Cobalt Strike’s Beacon in memory while executing BOFs to prevent a memory scan from detecting Beacon.
❤🔥4
This is an offline BloodHound ingestor and LDAP result parser. BOFHound allows operators to utilize BloodHound's beloved interface while maintaining full control over the LDAP queries being run and the spped at which they are executed. This leaves room for operator discretion to account for potential honeypot accounts, expensive LDAP query thresholds and other detection mechanisms designed with the traditional, automated BloodHound collectors in mind.
Tools:
🔗 https://github.com/coffeegist/bofhound
Research:
🔗 https://posts.specterops.io/bofhound-session-integration-7b88b6f18423
#c2 #bof #cobaltstrike #redteam
Please open Telegram to view this post
VIEW IN TELEGRAM
GitHub
GitHub - coffeegist/bofhound: Generate BloodHound compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's…
Generate BloodHound compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's LDAP Sentinel - coffeegist/bofhound
🔥7❤1👍1
The article outlines methods to conceal Cobalt Strike from detection by antivirus and EDR systems, with a particular focus on bypassing Kaspersky Endpoint Security. Author introduces the HCS tool for obfuscating JARM signatures and offers detailed steps for modifying Cobalt Strike’s code and SSL certificates to enhance OPSEC.
🔗 https://blog.injectexp.dev/2024/02/27/hide-cobalt-strike-like-a-pro/
#cobaltstrike #customize #kaspersky #bypass
Please open Telegram to view this post
VIEW IN TELEGRAM
👍180🔥21❤3
This media is not supported in your browser
VIEW IN TELEGRAM
🔑 RdpStrike
The project aims to extract clear text passwords from mstsc.exe, and the shellcode uses Hardware Breakpoint to hook APIs. It is a complete positional independent code, and when the shellcode injects into the mstsc.exe process, it is going to put Hardware Breakpoint onto three different APIs, ultimately capturing any clear-text credentials and then saving them to a file.
🔗 Source:
https://github.com/0xEr3bus/RdpStrike
#rdp #creds #bof #cobaltstrike
The project aims to extract clear text passwords from mstsc.exe, and the shellcode uses Hardware Breakpoint to hook APIs. It is a complete positional independent code, and when the shellcode injects into the mstsc.exe process, it is going to put Hardware Breakpoint onto three different APIs, ultimately capturing any clear-text credentials and then saving them to a file.
🔗 Source:
https://github.com/0xEr3bus/RdpStrike
#rdp #creds #bof #cobaltstrike
👍9❤🔥7❤3👎2
This media is not supported in your browser
VIEW IN TELEGRAM
🤖 DojoLoader — Generic PE Loader for Prototyping Evasion Techniques
This is a versatile PE loader designed for prototyping evasion techniques. It supports downloading and executing encrypted shellcode, dynamic IAT hooking, and three Sleep obfuscation methods. Ideal for use with UDRL-less Beacon payloads from Cobalt Strike.
🔗 Blog Post:
https://www.naksyn.com/cobalt%20strike/2024/07/02/raising-beacons-without-UDRLs-teaching-how-to-sleep.html
🔗 Source:
https://github.com/naksyn/DojoLoader
#cobaltstrike #udrl #memory #evasion
This is a versatile PE loader designed for prototyping evasion techniques. It supports downloading and executing encrypted shellcode, dynamic IAT hooking, and three Sleep obfuscation methods. Ideal for use with UDRL-less Beacon payloads from Cobalt Strike.
🔗 Blog Post:
https://www.naksyn.com/cobalt%20strike/2024/07/02/raising-beacons-without-UDRLs-teaching-how-to-sleep.html
🔗 Source:
https://github.com/naksyn/DojoLoader
#cobaltstrike #udrl #memory #evasion
🔥9❤2👍1
🔍 Exploring WinRM plugins for lateral movement
In this blog, the process of leveraging WinRM plugins to perform lateral movement to other systems is explored. Additionally, the use of the
🔗 Research:
https://falconforce.nl/exploring-winrm-plugins-for-lateral-movement/
🔗 Source:
https://github.com/FalconForceTeam/bof-winrm-plugin-jump
#ad #winrm #cobaltstrike #bof #redteam
In this blog, the process of leveraging WinRM plugins to perform lateral movement to other systems is explored. Additionally, the use of the
CIM_LogicFile WMI class to bypass certain tricky detections by Microsoft Defender is examined. Finally, all the logic is incorporated into a Cobalt Strike BOF.🔗 Research:
https://falconforce.nl/exploring-winrm-plugins-for-lateral-movement/
🔗 Source:
https://github.com/FalconForceTeam/bof-winrm-plugin-jump
#ad #winrm #cobaltstrike #bof #redteam
FalconForce
Exploring WinRM plugins for lateral movement - FalconForce
We explore how to leverage WinRM plugins to perform lateral movement to other systems and put all the logic in a Cobalt Strike BOF.
🔥6❤3👍3🤔1