Skip to content

@Cobalt-Strike Cobalt Strike

Change the repository type filter

All

    Repositories list

    20 repositories

    • community_kit

      Public
      Cobalt Strike is a post-exploitation framework designed to be extended and customized by the user community. Several excellent tools and scripts have been written and published, but they can be challenging to locate. Community Kit is a central repository of extensions written by the user community to extend the capabilities of Cobalt Strike. The…
      HTML
      Apache License 2.0
      2031511Updated Oct 7, 2024Oct 7, 2024

    • Malleable-C2-Profiles

      Public
      Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x.
      42518800Updated Sep 30, 2024Sep 30, 2024

    • sleepmask-vs

      Public
      A simple Sleepmask BOF example
      C++
      Apache License 2.0
      124000Updated Sep 4, 2024Sep 4, 2024

    • bof-vs

      Public
      A Beacon Object File (BOF) template for Visual Studio
      C++
      Apache License 2.0
      1813001Updated Aug 12, 2024Aug 12, 2024

    • bof_template

      Public
      A Beacon Object File (BOF) is a compiled C program, written to a convention that allows it to execute within a Beacon process and use internal Beacon APIs. BOFs are a way to rapidly extend the Beacon agent with new post-exploitation features.
      C
      Apache License 2.0
      1811500Updated Jul 16, 2024Jul 16, 2024

    • teamserver-prop

      Public
      TeamServer.prop is an optional properties file used by the Cobalt Strike teamserver to customize the settings used to validate screenshot and keylog callback data, which allows you to tweak the fix for the “HotCobalt” vulnerability. This repository contains an example file that contains the default settings.
      Apache License 2.0
      156100Updated Jul 16, 2024Jul 16, 2024

    • callback_examples

      Public
      This contains a number of examples demonstrating how to use callback functions in supported aggressor script functions
      C
      Apache License 2.0
      12800Updated Jul 16, 2024Jul 16, 2024

    • obfuscator-llvm

      Public
      C++
      Other
      423700Updated Jan 15, 2024Jan 15, 2024

    • sleep_python_bridge

      Public
      This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python without the need for for the standard GUI client. NOTE: This project is very much in BETA. The goal is to provide a playground for testing and is in no way an officially support feature. Perhaps this could be somethi…
      Python
      Apache License 2.0
      2616600Updated Apr 12, 2023Apr 12, 2023

    • CallStackMasker

      Public
      A PoC implementation for dynamically masking call stacks with timers.
      C++
      3424700Updated Feb 13, 2023Feb 13, 2023

    • unhook-bof

      Public
      Remove API hooks from a Beacon process.
      C
      BSD 3-Clause "New" or "Revised" License
      575400Updated Mar 13, 2022Mar 13, 2022

    • aggressor_script_examples

      Public
      This repository contains tips, tricks, and examples of aggressor script functions. The intent is to share bite size examples that can be used in other scripts.
      Apache License 2.0
      91000Updated Dec 13, 2021Dec 13, 2021

    • ProxyDLLExample

      Public
      code for the Proxy DLL example blog post
      C
      Apache License 2.0
      175700Updated Oct 29, 2021Oct 29, 2021

    • beacon_health_check

      Public
      This aggressor script uses a beacon's note field to indicate the health status of a beacon.
      Apache License 2.0
      2513800Updated Sep 29, 2021Sep 29, 2021

    • cortana-scripts

      Public
      A collection of Cortana scripts that you may use with Armitage and Cobalt Strike 2.x. Cortana Scripts are not compatible with Cobalt Strike 3.x. Cobalt Strike 3.x uses a variant of Cortana called Aggressor Script.
      Java
      284200Updated Mar 2, 2021Mar 2, 2021

    • sleep

      Public
      Automatically exported from code.google.com/p/sleep
      Java
      BSD 3-Clause "New" or "Revised" License
      19100Updated Oct 30, 2020Oct 30, 2020

    • ZeroLogon-BOF

      Public
      C
      BSD 3-Clause "New" or "Revised" License
      401100Updated Sep 17, 2020Sep 17, 2020

    • CVE-2020-0796-BOF

      Public
      C
      22400Updated Sep 17, 2020Sep 17, 2020

    • ElevateKit

      Public
      The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.
      PowerShell
      19810400Updated Jun 22, 2020Jun 22, 2020

    • vncdll

      Public
      Stand-alone VNC server compiled as a Reflective DLL
      C
      GNU General Public License v2.0
      57200Updated Apr 20, 2019Apr 20, 2019