Readme_en.md

All Resource Collection Projects

CobaltStrike

• Resources about Cobalt Strike

Directory

• External C2 -> (9)Tools (10)Post
• Malleable C2 -> (6)Tools (10)Post
• Beacon -> (24)Tools (63)Post
• Listener -> (1)Tools
• Aggressor Script -> (29)Tools (8)Post
• Recent Add -> (39)Tools (117)Post

External C2

---

Tools

• [325Star][2y] [C#] spiderlabs/dohc2 DoHC2 allows the ExternalC2 library from Ryan Hanson (
• [222Star][23d] [PS] qax-a-team/cobaltstrike-toolset Aggressor Script, Kits, Malleable C2 Profiles, External C2 and so on
• [188Star][3y] [C#] ryhanson/externalc2 A library for integrating communication channels with the Cobalt Strike External C2 server
• [150Star][26d] [Py] und3rf10w/external_c2_framework Python api for usage with cobalt strike's External C2 specification
• [140Star][1m] [C++] xorrior/raven CobaltStrike External C2 for Websockets
• [76Star][30d] [C] outflanknl/external_c2 POC for Cobalt Strike external C2
• [58Star][1y] [C#] mdsecactivebreach/browser-externalc2 External C2 Using IE COM Objects
• [58Star][2m] [Py] truneski/external_c2_framework Python api for usage with cobalt strike's External C2 specification
• [37Star][3m] [Go] lz1y/gecc Cobalt Strike - Go External C2 Client

---

Post

• 2019.12 [talosintelligence] WAGO PFC200 iocheckd service "I/O-Check" external tool information exposure vulnerability
• 2019.02 [mdsec] External C2, IE COM Objects and how to use them for Command and Control
• 2018.03 [xpnsec] Exploring Cobalt Strike's ExternalC2 framework
• 2013.10 [colinpoflynn] PLIP DEC2013: Hardware Co-Sim with External Hardware (Serial Port)

Malleable C2

---

Tools

• [462Star][2y] rsmudge/malleable-c2-profiles Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x.
• [217Star][2y] [Py] bluscreenofjeff/malleable-c2-randomizer A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls
• [205Star][23d] threatexpress/malleable-c2 Cobalt Strike Malleable C2 Design and Reference Guide
• [105Star][9m] xx0hcd/malleable-c2-profiles Cobalt Strike - Malleable C2 Profiles. A collection of profiles used in different projects using Cobalt Strike
• [41Star][3y] bluscreenofjeff/malleablec2profiles Malleable C2 profiles for Cobalt Strike
• [NoneStar][Py] fortynorthsecurity/c2concealer C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.

---

Post

• 2018.09 [specterops] A Deep Dive into Cobalt Strike Malleable C2
• 2018.09 [threatexpress] A Deep Dive into Cobalt Strike Malleable C2
• 2018.09 [threatexpress] A Deep Dive into Cobalt Strike Malleable C2
• 2018.06 [cobaltstrike] Broken Promises and Malleable C2 Profiles
• 2018.01 [threatexpress] Automating Apache mod_rewrite and Cobalt Strike Malleable C2 for Intelligent Redirection
• 2017.08 [bluescreenofjeff] Randomized Malleable C2 Profiles Made Easy
• 2017.01 [bluescreenofjeff] How to Write Malleable C2 Profiles for Cobalt Strike
• 2014.07 [harmj0y] A Brave New World: Malleable C2

Beacon

---

Tools

• [244Star][6m] [PS] rsmudge/elevatekit The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.
• [193Star][17d] [Go] darkr4y/geacon Practice Go programming and implement CobaltStrike's Beacon in Go
• [129Star][2m] [JS] dermike/slide-beacon-app Share links from your Mac using this app to broadcast them as a Physical Web Eddystone URL bluetooth beacon or mDNS.
• [115Star][4m] [HTML] romanemelyanov/cobaltstrikeforensic Toolset for research malware and Cobalt Strike beacons
• [71Star][6m] [Py] daddycocoaman/beacongraph Graph visualization of wireless client and access point relationships
• [59Star][24d] [Go] averagesecurityguy/c2 A simple, extensible C&C beaconing system.
• [57Star][2m] [Shell] cyb0r9/network-attacker Programmed For Penetration Testing Beginners . This Program Based on Mdk3 . "WiFi Stress Testing Beacon Flooding & Deauthentication Attack "
• [56Star][24d] [HTML] aravinthpanch/rssi Indoor localisation using RSSI. RSSI is received signal strength indicator in IEEE 802.11 beacon packet to announce the presence of WiFi.This tool was built to study & visualize the data collected in the experiments. This was done at Telecommunications Network Group (TKN), Berlin as part of EVARILOS.
• [50Star][2m] 001spartan/csfm Cobalt Strike Field Manual - A quick reference for Windows commands that can be accessed in a beacon console.
• [45Star][10m] [JS] dermike/physical-web-scan-app Mac OSX desktop client app to scan for Physical Web (Eddystone) bluetooth beacons
• [39Star][4m] [C++] lijuno/nrf24_ble Hacking nRF24L01+ as a low-cost BLE beacon
• [30Star][5m] chriso0710/pikiosk Automate Chromium in kiosk mode and Eddystone beacon on Raspberry Pi Raspbian Jessie with Ansible. Use a single command to update the kiosk and Eddystone URLs on all machines.
• [29Star][24d] [TS] iot-makers/sigfox-platform Open Source platform to display and parse Sigfox messages in real time with Sigfox, GPS, WiFi & beacon geolocalisation
• [25Star][9m] [C] clockfort/wifi-locator Determines physical location of station judging from 802.11 beacons' BSSID/Signal/Noise/Quality information.
• [20Star][5m] [C++] 6e726d/native-wifi-api-beacon-sniffer Tool that dumps beacon frames to a pcap file. Works on Windows Vista or Later with any Wireless Card.
• [14Star][23d] [Py] mlodic/ursnif_beacon_decryptor Ursnif beacon decryptor
• [12Star][1m] [Go] wahyuhadi/beacon-c2-go backdoor c2
• [11Star][3m] [Dockerfile] d3vzer0/cnc-relay Docker projects to retain beacon source IPs using C2 relaying infra
• [10Star][2y] [C] wifimon/wifimon Wi-fi 802.11 Beacon Frame sniffer
• [9Star][3y] [C] loukamb/beacon Lightweight, header-only C++ IPC library for Windows operating systems (Vista+) using advanced local procedure calls
• [9Star][4m] [Py] ajackal/cherrywasp An 802.11 probe request and beacon sniffer.
• [2Star][9m] [Shell] b3n-j4m1n/flood-kick-sniff Known Beacons attack tool
• [2Star][5m] [Shell] op7ic/rt-officebeaconbox Simple Office-based beacon that calls back to your server for phishing exercises.
• [NoneStar][C++] rvn0xsy/linco2 模拟Cobalt Strike的Beacon与C2通信过程，实现了基于HTTP协议的Linux C2

---

Post

• 2020.05 [pentestpartners] Short beacon analysis on the NHS iOS Tracking application
• 2020.05 [findingbad] Hunting for Beacons Part 2
• 2020.05 [findingbad] Hunting for Beacons
• 2020.04 [activecountermeasures] Threat Simulation – Beacons
• 2020.04 [tindie] UHF Radio Beacon for Lost RC Models
• 2020.03 [blackhillsinfosec] Detecting Malware Beacons With Zeek and RITA
• 2020.01 [fox] Hunting for beacons
• 2019.11 [s0lst1c3] Modern Wireless Tradecraft Pt II — MANA and Known Beacon Attacks
• 2019.10 [specterops] Modern Wireless Tradecraft Pt II — MANA and Known Beacon Attacks
• 2019.08 [TechMinds] Hunting LF/MF/HF Beacons With An Airspy HF+ Discovery
• 2019.05 [activecountermeasures] Detecting Beacons With Jitter
• 2019.04 [activecountermeasures] Simplifying Beacon Analysis through Big Data Analysis
• 2019.04 [NDSSSymposium] NDSS 2019 MBeacon: Privacy-Preserving Beacons for DNA Methylation Data
• 2019.02 [sensorfu] SensorFu Beacon How To: 3 steps to always know if your isolated Linux leaks
• 2019.02 [sensorfu] Deploying SensorFu Beacon Windows Application with GPO
• 2019.02 [rapid7] Smart Sensors: A Look at Beacon Security
• 2019.02 [sensorfu] Using SensorFu Beacon to supplement Threat Intel
• 2018.12 [nviso] TLS beaconing detection using ee-outliers and Elasticsearch
• 2018.11 [DEFCONConference] DEF CON 26 HARDWARE HACKING VILLAGE - John Aho - WiFi Beacons will give you up
• 2018.10 [NullByte] Track & Connect to Smartphones with a Beacon Swarm [Tutorial]
• 2018.09 [blackhillsinfosec] PODCAST: Beacon Analysis
• 2018.09 [activecountermeasures] Threat Hunting Beacon Analysis Webcast from September 11, 2018
• 2018.08 [activecountermeasures] Threat Hunting – Simplifying The Beacon Analysis Process
• 2018.08 [activecountermeasures] Beacon Analysis – The Key to Cyber Threat Hunting
• 2018.08 [jpcert] Volatility Plugin for Detecting Cobalt Strike Beacon
• 2018.08 [jpcert] Volatility Plugin for Detecting Cobalt Strike Beacon
• 2018.04 [activecountermeasures] New Beacon Graph in the Works
• 2018.04 [rvrsh3ll] Redirecting Cobalt Strike DNS Beacons
• 2018.02 [census] The Known Beacons Attack (34th Chaos Communication Congress)
• 2017.06 [cobaltstrike] OPSEC Considerations for Beacon Commands
• 2017.06 [social] Web Beacons for Social Engineering Reconnaissance
• 2017.06 [austintaylor] Detect Beaconing with Flare, Elastic Stack, and Intrusion Detection Systems
• 2017.06 [longtermsec] Chrome just hardened the Navigator Beacon API against Cross-Site-Request-Forgery (CSRF)
• 2016.11 [jerrygamblin] Spoofing Beacon Frames From The 5000 Most Common SSIDS
• 2016.10 [rvrsh3ll] Redirecting Cobalt Strike DNS Beacons
• 2016.09 [christophertruncer] Receiving Text Messages for your Incoming Beacons
• 2016.07 [] Forging WiFi Beacon Frames Using Scapy
• 2016.05 [breakpoint] Using Python to Decrypt Dispind.A and Helminth HTTP Beacons
• 2016.05 [arxiv] [1605.04559] Bitcoin Beacon
• 2015.11 [alienvault] Ultrasound Tracking Beacons Making Things Sort of Creepy For Consumers
• 2015.10 [z4ziggy] Exploring Bluetooth & iBeacons – from software to radio signals and back.
• 2015.09 [christophertruncer] Upgrading Your Shells to Beacons
• 2015.07 [securitykitten] Finding Beacons With Bro
• 2015.04 [arxiv] [1504.07192] Location-aware sign-on and key exchange using attribute-based encryption and Bluetooth beacons
• 2015.01 [securityriskadvisors] Beaconing Past McAfee ePO
• 2014.10 [sans] CSAM: Be Wary of False Beacons
• 2014.05 [rsa] Sality Botnet Beacons Change- How to Detect It
• 2014.05 [metaflows] Got Beacons?
• 2014.02 [rsa] Detecting the Zusy Botnet Beaconing
• 2012.12 [arxiv] [1212.2404] A beaconing approach whith key exchange in vehicular ad hoc networks
• 2012.10 [toolswatch] New feature “Beacon” added to Cobalt Strike
• 2012.07 [talosintelligence] Banking Trojan Spread Via UPS Phish Uses 0xDEADBEEF Beacon

Listener

---

Tools

• [49Star][20d] [Shell] taherio/redi Automated script for setting up CobaltStrike redirectors (nginx reverse proxy, letsencrypt)

Aggressor Script

---

Tools

• [758Star][8m] [C#] harleyqu1nn/aggressorscripts Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources
• [378Star][2y] bluscreenofjeff/aggressorscripts Aggressor scripts for use with Cobalt Strike 3.0+
• [369Star][18d] [Java] rsmudge/cortana-scripts A collection of Cortana scripts that you may use with Armitage and Cobalt Strike 2.x. Cortana Scripts are not compatible with Cobalt Strike 3.x. Cobalt Strike 3.x uses a variant of Cortana called Aggressor Script.
• [252Star][3y] [PS] und3rf10w/aggressor-scripts Aggressor scripts I've made for Cobalt Strike
• [215Star][2y] [C#] spiderlabs/sharpcompile SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing…
• [175Star][22d] uknowsec/sharptoolsaggressor 内网渗透中常用的c#程序整合成cs脚本，直接内存加载。持续更新~
• [174Star][2y] ramen0x3f/aggressorscripts audit your machines or machines you're authorized to audit
• [144Star][4m] [PS] vysecurity/aggressor-vysec CobaltStrike Aggressor Scripts
• [126Star][2y] zonksec/persistence-aggressor-script initial commit
• [102Star][2y] [PS] rhinosecuritylabs/aggressor-scripts Aggregation of Cobalt Strike's aggressor scripts.
• [101Star][27d] 001spartan/aggressor_scripts A collection of useful scripts for Cobalt Strike
• [97Star][2y] [PS] rasta-mouse/aggressor-script Collection of Aggressor Scripts for Cobalt Strike
• [93Star][4m] [Py] fortynorthsecurity/aggressorassessor Aggressor scripts for phases of a pen test or red team assessment
• [87Star][22d] k8gege/aggressor Ladon for Cobalt Strike, Large Network Penetration Scanner, vulnerability / exploit / detection / MS17010 / password/brute-force
• [87Star][22d] k8gege/aggressor Ladon for Cobalt Strike, Large Network Penetration Scanner, vulnerability / exploit / detection / MS17010 / password/brute-force
• [73Star][27d] vysecurity/cve-2018-4878 Aggressor Script to launch IE driveby for CVE-2018-4878
• [68Star][2y] tevora-threat/powerview3-aggressor Cobalt Strike Aggressor script menu for Powerview/SharpView
• [57Star][2y] [PS] invokethreatguy/csasc Cobalt Strike Aggressor Script Collection
• [46Star][4m] [Py] coalfire-research/vampire Vampire is an aggressor script which integrates with BloodHound to mark nodes as owned.
• [46Star][16d] [JS] threatexpress/aggressor-scripts Cobalt Strike Aggressor Scripts
• [43Star][27d] tevora-threat/aggressor-powerview PowerView menu for Cobalt Strike
• [39Star][2y] secgroundzero/cs-aggressor-scripts Aggressor Scripts for Cobalt Strike
• [30Star][17d] mgeeky/cobalt-arsenal My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+
• [25Star][6m] scanfsec/cve-2018-15982 Aggressor Script to launch IE driveby for CVE-2018-15982.
• [22Star][3y] [PS] oldb00t/aggressorscripts Cobaltstrike Aggressor Scripts
• [22Star][12m] superdong0/aggressor_mail beacon,aggressor-scripts,cna,cobalt-strike,email
• [18Star][3m] mdsecactivebreach/execute-githubassembly-aggressor Aggressor Script to Execute Assemblies from Github
• [1Star][8m] kingsabri/aggressorscripts A collection of Cobalt Strike aggressor scripts
• [NoneStar][C] timwhitez/cobalt-strike-aggressor-scripts Cobalt Strike Aggressor 插件包

---

Post

• 2019.06 [rastamouse] The Return of Aggressor
• 2018.07 [tevora] A SharpView and More Aggressor
• 2018.03 [tevora] Aggressor PowerView
• 2018.03 [] Aggressor 101: Unleashing Cobalt Strike for Fun and Profit
• 2016.11 [bluescreenofjeff] Beaconpire - Cobalt Strike and Empire Interoperability with Aggressor Script
• 2016.09 [bluescreenofjeff] Adding Easy GUIs to Aggressor Scripts
• 2016.05 [zonksec] Persistence Aggressor Script

Recent Add

---

Tools

• [822Star][4m] aleenzz/cobalt_strike_wiki Cobalt Strike系列
• [409Star][2y] [Shell] killswitch-gui/cobaltstrike-toolkit Some useful scripts for CobaltStrike
• [398Star][21d] [Py] vysecurity/morphhta morphHTA - Morphing Cobalt Strike's evil.HTA
• [225Star][4m] [PS] outflanknl/excel4-dcom PowerShell and Cobalt Strike scripts for lateral movement using Excel 4.0 / XLM macros via DCOM (direct shellcode injection in Excel.exe)
• [224Star][3m] gloxec/crossc2 generate CobaltStrike's cross-platform payload
• [213Star][18d] [PS] vysecurity/angrypuppy Bloodhound Attack Path Automation in CobaltStrike
• [193Star][4m] [PS] phink-team/cobaltstrike-ms17-010 cobaltstrike ms17-010 module and some other
• [190Star][17d] [Py] threatexpress/cs2modrewrite Convert Cobalt Strike profiles to modrewrite scripts
• [150Star][22d] [C#] josephkingstone/cobalt_strike_extension_kit Tired of typing execute-assembly everytime you use Cobalt Strike? Clone this.
• [117Star][5m] [Py] verctor/cs_xor64 cobaltstrike xor64.bin补完计划
• [115Star][2y] ridter/cs_chinese_support Cobalt strike 修改支持回显中文。
• [110Star][18d] fox-it/cobaltstrike-extraneous-space Historical list of {Cobalt Strike,NanoHTTPD} servers
• [101Star][3y] [Py] mr-un1k0d3r/sct-obfuscator Cobalt Strike SCT payload obfuscator
• [91Star][4m] 0xthirteen/staykit Cobalt Strike kit for Persistence
• [89Star][5m] [C#] jnqpblc/sharpspray SharpSpray a simple code set to perform a password spraying attack against all users of a domain using LDAP and is compatible with Cobalt Strike.
• [89Star][17d] [Py] k8gege/scrun BypassAV ShellCode Loader (Cobaltstrike/Metasploit)
• [88Star][1y] [Py] dcsync/pycobalt Cobalt Strike API, Python版本
• [87Star][1m] [Py] ryanohoro/csbruter Cobalt Strike team server password brute force tool
• [82Star][2y] [java] anbai-inc/cobaltstrike_hanization CobaltStrike 2.5中文汉化版
• [73Star][4m] [C#] 0xthirteen/movekit Cobalt Strike kit for Lateral Movement
• [56Star][4m] 1135/1135-cobaltstrike-toolkit about CobaltStrike
• [51Star][3y] p292/ddeautocs A cobaltstrike script that integrates DDEAuto Attacks
• [45Star][4m] [C#] jnqpblc/sharptask SharpTask is a simple code set to interact with the Task Scheduler service api and is compatible with Cobalt Strike.
• [45Star][28d] vysecurity/cobaltsplunk Splunk Dashboard for CobaltStrike logs
• [41Star][3y] [Go] empty-nest/emptynest a plugin based C2 server framework
• [33Star][3m] tom4t0/cobalt-strike-persistence cobalt strike 自启动脚本
• [30Star][5m] [C#] mr-un1k0d3r/remoteprocessinjection C# remote process injection utility for Cobalt Strike
• [29Star][6m] redteamwing/cobaltstrike_wiki Cobalt Strike 3.12中文文档
• [27Star][2m] johnnydep/cobaltstrike cobalt strike stuff I have gathered from around github
• [24Star][21d] [HTML] ridter/cs_custom_404 Cobalt strike custom 404 page
• [22Star][5m] [Py] k8gege/pyladon Ladon For Python, Large Network Penetration Scanner & Cobalt Strike, vulnerability / exploit / detection / MS17010
• [19Star][2m] icebearfriend/quickrundown Smart overlay for Cobalt Strike PS function
• [17Star][4m] [Py] attactics/cslogwatch Cobalt Strike log state tracking, parsing, and storage
• [14Star][2m] [TS] hattmo/c2profilejs Web UI for creating C2 profiles for Cobalt Strike
• [9Star][2y] [Zeek] sjosz/cnc-detection Detecting PowerShell Empire, Metasploit Meterpreter and Cobalt Strike agents by payload size sequence analysis and host correlation
• [3Star][3m] [Shell] war-horse/docker-cobaltstrike A Cobaltstrike container, built for Warhorse
• [NoneStar][C++] outflanknl/spray-ad A Cobalt Strike tool to audit Active Directory user accounts for weak, well known or easy guessable passwords.
• [NoneStar]hack2fun/bypassav Cobalt Strike插件，用于快速生成免杀的可执行文件
• [NoneStar][PS] k8gege/powerladon Large Network Penetration Scanner & Cobalt Strike, Ladon for PowerShell, vulnerability / exploit / detection / MS17010

---

Post

• 2020.04 [securelist] Loncom packer: from backdoors to Cobalt Strike
• 2020.03 [cobaltstrike] Cobalt Strike joins Core Impact at HelpSystems, LLC
• 2020.01 [malware] 2020-01-21 - HANCITOR INFECTION WITH COBALT STRIKE
• 2019.12 [malware] 2019-12-10 - DATA DUMP: HANCITOR INFECTION WITH URSNIF AND COBALT STRIKE
• 2019.12 [cobaltstrike] Cobalt Strike 4.0 – Bring Your Own Weaponization
• 2019.11 [ColinHardy] Excel 4.0 Macros Analysis - Cobalt Strike Shellcode Injection
• 2019.11 [ironcastle] Hancitor infection with Pony, Evil Pony, Ursnif, and Cobalt Strike, (Wed, Nov 20th)
• 2019.08 [cobaltstrike] Cobalt Strike’s Process Injection: The Details
• 2019.08 [blackhillsinfosec] Using CloudFront to Relay Cobalt Strike Traffic
• 2019.07 [malware] 2019-07-22 - HANCITOR-STYLE AMADEY MALSPAM PUSHES PONY & COBALT STRIKE
• 2019.07 [malware] 2019-07-22 - HANCITOR SWITCHES TO AMADEY, STILL PUSHING PONY/URSNIF/COBALT STRIKE
• 2019.07 [malware] 2019-07-03 - QUICK POST: HANCITOR INFECTION WITH COBALT STRIKE
• 2019.07 [malware] 2019-07-02 - QUICK POST: HANCITOR INFECTION WITH COBALT STRIKE
• 2019.05 [rsa] Detecting Command and Control in RSA NetWitness: Cobalt Strike
• 2019.05 [cobaltstrike] Cobalt Strike 3.14 – Post-Ex Omakase Shimasu
• 2019.04 [pentestpartners] Cobalt Strike. Walkthrough for Red Teamers
• 2019.02 [obscuritylabs] Installing CobaltStrike on Ubuntu 18.04
• 2019.02 [obscuritylabs] Installing CobaltStrike on Ubuntu 18.04
• 2019.01 [xpnsec] How to Argue like Cobalt Strike
• 2019.01 [cobaltstrike] Cobalt Strike 3.13 – Why do we argue?
• 2018.11 [olafhartong] Cobalt Strike Remote Threads detection
• 2018.09 [crowdstrike] Meet CrowdStrike’s Adversary of the Month for September: COBALT SPIDER
• 2018.09 [cobaltstrike] Cobalt Strike 3.12 – Blink and you’ll miss it
• 2018.07 [f] Bypassing Memory Scanners with Cobalt Strike and Gargoyle
• 2018.07 [mwrinfosecurity] Bypassing Memory Scanners with Cobalt Strike and Gargoyle
• 2018.04 [cobaltstrike] Cobalt Strike 3.11 – The snake that eats its tail
• 2018.03 [] Cobalt Strike Visualizations
• 2018.03 [offensiveops] Cobalt Strike – Bypassing Windows Defender with Obfuscation
• 2018.01 [bluescreenofjeff] Cobalt Strike OPSEC Profiles
• 2017.12 [cobaltstrike] Cobalt Strike 3.10 – Хакер vs. 肉雞
• 2017.12 [threatexpress] Slack Notifications for Cobalt Strike
• 2017.12 [blackhillsinfosec] A Morning with Cobalt Strike & Symantec
• 2017.11 [riskiq] Gaffe Reveals Full List of Targets in Spear Phishing Attack Using Cobalt Strike Against Financial Institutions
• 2017.11 [fortinet] Cobalt Malware Strikes Using CVE-2017-11882 RTF Vulnerability
• 2017.11 [fortinet] Cobalt Malware Strikes Using CVE-2017-11882 RTF Vulnerability
• 2017.11 [trendmicro] Cobalt Strikes Again: Spam Runs Use Macros and CVE-2017-8759 Exploit Against Russian Banks
• 2017.09 [rsa] Malspam delivers Cobalt Strike payload 9-19-2017
• 2017.09 [mwrinfosecurity] “Tasking” Office 365 for Cobalt Strike C2
• 2017.09 [cobaltstrike] Cobalt Strike 3.9 – Livin’ in a Stager’s Paradise
• 2017.06 [vkremez] Let's Learn (DIY): Sophisticated Cobalt Strike Gang's CVE-2017-0199 Loader
• 2017.05 [cobaltstrike] Cobalt Strike 3.8 – Who’s Your Daddy?
• 2017.04 [ecforce] CVE-2017-0199 exploitation with Cobalt Strike tutorial
• 2017.04 [trustedsec] Equation Group Dump Analysis and Full RCE on Win7 on MS17-010 with Cobalt Strike
• 2017.03 [cobaltstrike] Cobalt Strike 3.7 – Cat, Meet Mouse
• 2017.02 [zairon] From RTF to Cobalt Strike passing via Flash
• 2017.01 [inspired] WMI Persistence with Cobalt Strike
• 2016.12 [cobaltstrike] Cobalt Strike 3.6 – A Path for Privilege Escalation
• 2016.12 [threatexpress] Slack Notifications for Cobalt Strike
• 2016.10 [cobaltstrike] Cobalt Strike Tapas II
• 2016.10 [cobaltstrike] Cobalt Strike 3.5.1 – Important Security Update
• 2016.09 [cobaltstrike] Cobalt Strike RCE. Active Exploitation Reported.
• 2016.09 [cobaltstrike] Cobalt Strike 3.5 – UNIX Post Exploitation
• 2016.09 [cobaltstrike] Cobalt Strike Tapas
• 2016.07 [cobaltstrike] Cobalt Strike 3.4 – Operational Details
• 2016.07 [cobaltstrike] HOWTO: Reset Your Cobalt Strike License Key
• 2016.06 [bluescreenofjeff] Cobalt Strike HTTP C2 Redirectors with Apache mod_rewrite
• 2014.01 [security] Four Days with Cortana Script Engine - Cobalt Strike/Armitage
• 2013.12 [security] Three Days with Cortana Script Engine - Cobalt Strike/Armitage
• 2013.12 [security] Cobalt Strike Report Hosts Mod
• 2013.12 [security] Two Days with Cortana Script Engine - Cobalt Strike/Armitage
• 2013.12 [security] One Day with Cortana Script Engine - Cobalt Strike/Armitage
• 2012.08 [toolswatch] Blackhat USA 2012: Interview with Raphael Mudge about Armitage (Also Introducing CobaltStrike)

Contribute

Contents auto exported by Our System, please raise Issue if you have any question.