├── Readme.md
├── Readme_en.md
└── history
    ├── CobaltStrike_20200531095202.json
    ├── CobaltStrike_20200531095202.md
    └── CobaltStrike_20200531095202_en.md
/Readme.md:
--------------------------------------------------------------------------------
1 | # [All Collection Projects](https://github.com/alphaSeclab/all-my-collection-repos)
2 |
3 |
4 |
5 |
6 | # CobaltStrike
7 |
8 |
9 | - Resources related to Cobalt Strike, including 100+ tools and 200+ articles
10 | - [English Version](https://github.com/alphaSeclab/cobalt-strike/blob/master/Readme_en.md)
11 |
12 |
13 | # Table of Contents
14 | - [External C2](#354ab7654ce3b7c2bdaadd4b8cec655a) -> [(9) Tools](#f68ecdb8fb6ad2a853974daa90aed75d) [(10) Articles](#3f8322b76fd5bf27bcced5676ecb23cb)
15 | - [Malleable C2](#3c7575eb27204dbf1ed80f96706c2967) -> [(6) Tools](#61838d4bce2285c7772b309c7bf77300) [(10) Articles](#803659291490cf303d14af45bfededa8)
16 | - [Beacon](#403f0531bfef73b0950ebb204f8c943c) -> [(24) Tools](#d3f40c082e959ea8eb4972d192491986) [(63) Articles](#9d08b2a4104484ddea919603692e4efd)
17 | - [Listener](#3e1518acb4f724d940248244d90c84d3) -> [(1) Tools](#5a709999cb246f31f15954a28e510804)
18 | - [Aggressor Script](#a9814deb7dba1a899218c27971bb0143) -> [(29) Tools](#57402818113a06fa8c16d023ce6fae05) [(8) Articles](#bbf6ba0a11dd2a6e0f86469609796fe7)
19 | - [Recently Added](#bbe1c2fab620850440dbdc9cafad4280) -> [(39) Tools](#cfa38dd2bfe0bd0fa27d73e7bd2e12f6) [(117) Articles](#6368df4dcd53ad109982557bf1062b9d)
20 |
21 |
22 | # External C2
23 |
24 |
25 | ***
26 |
27 |
28 | ## Tools
29 |
30 |
31 | - [**325** stars][2y] [C#] [spiderlabs/dohc2](https://github.com/spiderlabs/dohc2) DoHC2 allows the ExternalC2 library from Ryan Hanson (
32 | - [**222** stars][23d] [PS] [qax-a-team/cobaltstrike-toolset](https://github.com/QAX-A-Team/CobaltStrike-Toolset) Aggressor Script, Kits, Malleable C2 Profiles, External C2 and so on
33 | - [**188** stars][3y] [C#] [ryhanson/externalc2](https://github.com/ryhanson/externalc2) A library for integrating communication channels with the Cobalt Strike External C2 server
34 | - [**150** stars][26d] [Py] [und3rf10w/external_c2_framework](https://github.com/und3rf10w/external_c2_framework) Python api for usage with cobalt strike's External C2 specification
35 | - [**140** stars][1m] [C++] [xorrior/raven](https://github.com/xorrior/raven) CobaltStrike External C2 for Websockets
36 | - [**76** stars][30d] [C] [outflanknl/external_c2](https://github.com/outflanknl/external_c2) POC for Cobalt Strike external C2
37 | - [**58** stars][1y] [C#] [mdsecactivebreach/browser-externalc2](https://github.com/mdsecactivebreach/browser-externalc2) External C2 Using IE COM Objects
38 | - [**58** stars][2m] [Py] [truneski/external_c2_framework](https://github.com/truneski/external_c2_framework) Python api for usage with cobalt strike's External C2 specification
39 | - [**37** stars][3m] [Go] [lz1y/gecc](https://github.com/lz1y/gecc) Cobalt Strike - Go External C2 Client
40 |
41 |
42 | ***
43 |
44 |
45 | ## Articles
46 |
47 |
48 | - 2019.12 [talosintelligence] [WAGO PFC200 iocheckd service "I/O-Check" external tool information exposure vulnerability](https://talosintelligence.com/vulnerability_reports/TALOS-2019-0862)
49 | - 2019.10 [aliyun] [Cobalt Strike's ExternalC2](https://xz.aliyun.com/t/6565)
50 | - 2019.03 [4hou] [How Malware Uses External C2 and IE COM Objects for Command and Control](https://www.4hou.com/technology/16215.html)
51 | - 2019.03 [aliyun] [Exploring CobaltStrike's External C2 Framework](https://xz.aliyun.com/t/4220)
52 | - 2019.02 [mdsec] [External C2, IE COM Objects and how to use them for Command and Control](https://www.mdsec.co.uk/2019/02/external-c2-ie-com-objects-and-how-to-use-them-for-command-and-control/)
53 | - 2018.04 [360] [Exploring Cobalt Strike's ExternalC2 Framework Together](https://www.anquanke.com/post/id/103395/)
54 | - 2018.04 [aliyun] [An In-Depth Exploration of Cobalt Strike's ExternalC2 Framework](https://xz.aliyun.com/t/2239)
55 | - 2018.03 [xpnsec] [Exploring Cobalt Strike's ExternalC2 Framework/Communication Specification for C&C Communication](https://blog.xpnsec.com/exploring-cobalt-strikes-externalc2-framework/)
56 | - 2017.10 [360] [Exploring Cobalt Strike's Special Feature (external_C2)](https://www.anquanke.com/post/id/86980/)
57 | - 2013.10 [colinpoflynn] [PLIP DEC2013: Hardware Co-Sim with External Hardware (Serial Port)](https://www.youtube.com/watch?v=g8z5UtcuNyE)
58 |
59 |
60 | # Malleable C2
61 |
62 |
63 | ***
64 |
65 |
66 | ## Tools
67 |
68 |
69 | - [**462** stars][2y] [rsmudge/malleable-c2-profiles](https://github.com/rsmudge/malleable-c2-profiles) Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x.
70 | - [**217** stars][2y] [Py] [bluscreenofjeff/malleable-c2-randomizer](https://github.com/bluscreenofjeff/malleable-c2-randomizer) A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls
71 | - [**205** stars][23d] [threatexpress/malleable-c2](https://github.com/threatexpress/malleable-c2) Cobalt Strike Malleable C2 Design and Reference Guide
72 | - [**105** stars][9m] [xx0hcd/malleable-c2-profiles](https://github.com/xx0hcd/malleable-c2-profiles) Cobalt Strike - Malleable C2 Profiles. A collection of profiles used in different projects using Cobalt Strike
73 | - [**41** stars][3y] [bluscreenofjeff/malleablec2profiles](https://github.com/bluscreenofjeff/malleablec2profiles) Malleable C2 profiles for Cobalt Strike
74 | - [**None** stars][Py] [fortynorthsecurity/c2concealer](https://github.com/fortynorthsecurity/c2concealer) C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.
75 |
76 |
77 | ***
78 |
79 |
80 | ## Articles
81 |
82 |
83 | - 2018.12 [freebuf] [A Brief Analysis of Cobalt Strike's Malleable-C2-Profiles](https://www.freebuf.com/articles/rookie/189948.html)
84 | - 2018.09 [aliyun] [[Translation] A Deep Dive into Cobalt Strike Malleable C2 Profiles](https://xz.aliyun.com/t/2796)
85 | - 2018.09 [specterops] [A Deep Dive into Cobalt Strike Malleable C2](https://medium.com/p/6660e33b0e0b)
86 | - 2018.09 [threatexpress] [A Deep Dive into Cobalt Strike Malleable C2](http://threatexpress.com/2018/09/a-deep-dive-into-cobalt-strike-malleable-c2/)
87 | - 2018.09 [threatexpress] [A Deep Dive into Cobalt Strike Malleable C2](http://threatexpress.com/blogs/2018/a-deep-dive-into-cobalt-strike-malleable-c2/)
88 | - 2018.06 [cobaltstrike] [Broken Promises and Malleable C2 Profiles](https://blog.cobaltstrike.com/2018/06/04/broken-promises-and-malleable-c2-profiles/)
89 | - 2018.01 [threatexpress] [Automating Apache mod_rewrite and Cobalt Strike Malleable C2 for Intelligent Redirection](http://threatexpress.com/2018/02/automating-cobalt-strike-profiles-apache-mod_rewrite-htaccess-files-intelligent-c2-redirection/)
90 | - 2017.08 [bluescreenofjeff] [Randomized Malleable C2 Profiles Made Easy](https://bluescreenofjeff.com/2017-08-30-randomized-malleable-c2-profiles-made-easy/)
91 | - 2017.01 [bluescreenofjeff] [How to Write Malleable C2 Profiles for Cobalt Strike](https://bluescreenofjeff.com/2017-01-24-how-to-write-malleable-c2-profiles-for-cobalt-strike/)
92 | - 2014.07 [harmj0y] [A Brave New World: Malleable C2](http://www.harmj0y.net/blog/redteaming/a-brave-new-world-malleable-c2/)
93 |
94 |
95 | # Beacon
96 |
97 |
98 | ***
99 |
100 |
101 | ## Tools
102 |
103 |
104 | - [**244** stars][6m] [PS] [rsmudge/elevatekit](https://github.com/rsmudge/elevatekit) The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.
105 | - [**193** stars][17d] [Go] [darkr4y/geacon](https://github.com/darkr4y/geacon) Practice Go programming and implement CobaltStrike's Beacon in Go
106 | - [**129** stars][2m] [JS] [dermike/slide-beacon-app](https://github.com/dermike/slide-beacon-app) Share links from your Mac using this app to broadcast them as a Physical Web Eddystone URL bluetooth beacon or mDNS.
107 | - [**115** stars][4m] [HTML] [romanemelyanov/cobaltstrikeforensic](https://github.com/romanemelyanov/cobaltstrikeforensic) Toolset for research malware and Cobalt Strike beacons
108 | - [**71** stars][6m] [Py] [daddycocoaman/beacongraph](https://github.com/daddycocoaman/beacongraph) Graph visualization of wireless client and access point relationships
109 | - [**59** stars][24d] [Go] [averagesecurityguy/c2](https://github.com/averagesecurityguy/c2) A simple, extensible C&C beaconing system.
110 | - [**57** stars][2m] [Shell] [cyb0r9/network-attacker](https://github.com/Cyb0r9/network-attacker) Programmed For Penetration Testing Beginners . This Program Based on Mdk3 . "WiFi Stress Testing Beacon Flooding & Deauthentication Attack "
111 | - [**56** stars][24d] [HTML] [aravinthpanch/rssi](https://github.com/aravinthpanch/rssi) Indoor localisation using RSSI. RSSI is received signal strength indicator in IEEE 802.11 beacon packet to announce the presence of WiFi.This tool was built to study & visualize the data collected in the experiments. This was done at Telecommunications Network Group (TKN), Berlin as part of EVARILOS.
112 | - [**50** stars][2m] [001spartan/csfm](https://github.com/001spartan/csfm) Cobalt Strike Field Manual - A quick reference for Windows commands that can be accessed in a beacon console.
113 | - [**45** stars][10m] [JS] [dermike/physical-web-scan-app](https://github.com/dermike/physical-web-scan-app) Mac OSX desktop client app to scan for Physical Web (Eddystone) bluetooth beacons
114 | - [**39** stars][4m] [C++] [lijuno/nrf24_ble](https://github.com/lijuno/nRF24_BLE) Hacking nRF24L01+ as a low-cost BLE beacon
115 | - [**30** stars][5m] [chriso0710/pikiosk](https://github.com/chriso0710/pikiosk) Automate Chromium in kiosk mode and Eddystone beacon on Raspberry Pi Raspbian Jessie with Ansible. Use a single command to update the kiosk and Eddystone URLs on all machines.
116 | - [**29** stars][24d] [TS] [iot-makers/sigfox-platform](https://github.com/iot-makers/sigfox-platform) Open Source platform to display and parse Sigfox messages in real time with Sigfox, GPS, WiFi & beacon geolocalisation
117 | - [**25** stars][9m] [C] [clockfort/wifi-locator](https://github.com/clockfort/wifi-locator) Determines physical location of station judging from 802.11 beacons' BSSID/Signal/Noise/Quality information.
118 | - [**20** stars][5m] [C++] [6e726d/native-wifi-api-beacon-sniffer](https://github.com/6e726d/native-wifi-api-beacon-sniffer) Tool that dumps beacon frames to a pcap file. Works on Windows Vista or Later with any Wireless Card.
119 | - [**14** stars][23d] [Py] [mlodic/ursnif_beacon_decryptor](https://github.com/mlodic/ursnif_beacon_decryptor) Ursnif beacon decryptor
120 | - [**12** stars][1m] [Go] [wahyuhadi/beacon-c2-go](https://github.com/wahyuhadi/beacon-c2-go) backdoor c2
121 | - [**11** stars][3m] [Dockerfile] [d3vzer0/cnc-relay](https://github.com/d3vzer0/cnc-relay) Docker projects to retain beacon source IPs using C2 relaying infra
122 | - [**10** stars][2y] [C] [wifimon/wifimon](https://github.com/wifimon/wifimon) Wi-fi 802.11 Beacon Frame sniffer
123 | - [**9** stars][3y] [C] [loukamb/beacon](https://github.com/loukamb/beacon) Lightweight, header-only C++ IPC library for Windows operating systems (Vista+) using advanced local procedure calls
124 | - [**9** stars][4m] [Py] [ajackal/cherrywasp](https://github.com/ajackal/cherrywasp) An 802.11 probe request and beacon sniffer.
125 | - [**2** stars][9m] [Shell] [b3n-j4m1n/flood-kick-sniff](https://github.com/b3n-j4m1n/flood-kick-sniff) Known Beacons attack tool
126 | - [**2** stars][5m] [Shell] [op7ic/rt-officebeaconbox](https://github.com/op7ic/rt-officebeaconbox) Simple Office-based beacon that calls back to your server for phishing exercises.
127 | - [**None** stars][C++] [rvn0xsy/linco2](https://github.com/rvn0xsy/linco2) Simulates the communication between Cobalt Strike's Beacon and the C2 server, implementing a Linux C2 over HTTP
128 |
129 |
130 | ***
131 |
132 |
133 | ## Articles
134 |
135 |
136 | - 2020.05 [pentestpartners] [Short beacon analysis on the NHS iOS Tracking application](https://www.pentestpartners.com/security-blog/short-beacon-analysis-on-the-nhs-ios-tracking-application/)
137 | - 2020.05 [findingbad] [Hunting for Beacons Part 2](http://findingbad.blogspot.com/2020/05/hunting-for-beacons-part-2.html)
138 | - 2020.05 [findingbad] [Hunting for Beacons](http://findingbad.blogspot.com/2020/05/hunting-for-beacons.html)
139 | - 2020.04 [activecountermeasures] [Threat Simulation – Beacons](https://www.activecountermeasures.com/threat-simulation-beacons/)
140 | - 2020.04 [tindie] [UHF Radio Beacon for Lost RC Models](https://blog.tindie.com/2020/04/uhf-radio-beacon-lost-rc-models/)
141 | - 2020.04 [aliyun] [How Much Do You Know About the cobaltstrike DNS Beacon](https://xz.aliyun.com/t/7488)
142 | - 2020.03 [blackhillsinfosec] [Detecting Malware Beacons With Zeek and RITA](https://www.blackhillsinfosec.com/detecting-malware-beacons-with-zeek-and-rita/)
143 | - 2020.01 [fox] [Hunting for beacons](https://blog.fox-it.com/2020/01/15/hunting-for-beacons/)
144 | - 2019.11 [s0lst1c3] [Modern Wireless Tradecraft Pt II — MANA and Known Beacon Attacks](https://posts.specterops.io/modern-wireless-attacks-pt-ii-mana-and-known-beacon-attacks-97a359d385f9)
145 | - 2019.10 [specterops] [Modern Wireless Tradecraft Pt II — MANA and Known Beacon Attacks](https://medium.com/p/97a359d385f9)
146 | - 2019.08 [TechMinds] [Hunting LF/MF/HF Beacons With An Airspy HF+ Discovery](https://www.youtube.com/watch?v=PduaBOMPlz4)
147 | - 2019.05 [activecountermeasures] [Detecting Beacons With Jitter](https://www.activecountermeasures.com/detecting-beacons-with-jitter/)
148 | - 2019.05 [freebuf] [Detecting TLS Beaconing with ee-outliers and Elasticsearch](https://www.freebuf.com/sectool/202735.html)
149 | - 2019.04 [activecountermeasures] [Simplifying Beacon Analysis through Big Data Analysis](https://www.activecountermeasures.com/simplifying-beacon-analysis-through-big-data-analysis/)
150 | - 2019.04 [NDSSSymposium] [NDSS 2019 MBeacon: Privacy-Preserving Beacons for DNA Methylation Data](https://www.youtube.com/watch?v=ZF78gBfppfM)
151 | - 2019.02 [sensorfu] [SensorFu Beacon How To: 3 steps to always know if your isolated Linux leaks](https://medium.com/p/e2206252782c)
152 | - 2019.02 [sensorfu] [Deploying SensorFu Beacon Windows Application with GPO](https://medium.com/p/530e315f25a)
153 | - 2019.02 [rapid7] [Smart Sensors: A Look at Beacon Security](https://blog.rapid7.com/2019/02/05/smart-sensors-a-look-at-beacon-security/)
154 | - 2019.02 [sensorfu] [Using SensorFu Beacon to supplement Threat Intel](https://medium.com/p/ff8dc1a3bfb8)
155 | - 2018.12 [nviso] [TLS beaconing detection using ee-outliers and Elasticsearch](https://blog.nviso.be/2018/12/11/tls-beaconing-detection-using-ee-outliers-and-elasticsearch/)
156 | - 2018.11 [DEFCONConference] [DEF CON 26 HARDWARE HACKING VILLAGE - John Aho - WiFi Beacons will give you up](https://www.youtube.com/watch?v=1XoxtcBGga0)
157 | - 2018.10 [NullByte] [Track & Connect to Smartphones with a Beacon Swarm [Tutorial]](https://www.youtube.com/watch?v=o95Or-Z_Ybk)
158 | - 2018.09 [blackhillsinfosec] [PODCAST: Beacon Analysis](https://www.blackhillsinfosec.com/beaconanalysis/)
159 | - 2018.09 [activecountermeasures] [Threat Hunting Beacon Analysis Webcast from September 11, 2018](https://www.activecountermeasures.com/threat-hunting-beacon-analysis-webcast-from-september-11-2018/)
160 | - 2018.08 [activecountermeasures] [Threat Hunting – Simplifying The Beacon Analysis Process](https://www.activecountermeasures.com/threat-hunting-simplifying-the-beacon-analysis-process/)
161 | - 2018.08 [activecountermeasures] [Beacon Analysis – The Key to Cyber Threat Hunting](https://www.activecountermeasures.com/blog-beacon-analysis-the-key-to-cyber-threat-hunting/)
162 | - 2018.08 [jpcert] [Volatility Plugin for Detecting Cobalt Strike Beacon](https://blog.jpcert.or.jp/2018/08/volatility-plugin-for-detecting-cobalt-strike-beacon.html)
163 | - 2018.08 [jpcert] [Volatility Plugin for Detecting Cobalt Strike Beacon](https://blogs.jpcert.or.jp/en/2018/08/volatility-plugin-for-detecting-cobalt-strike-beacon.html)
164 | - 2018.04 [activecountermeasures] [New Beacon Graph in the Works](https://www.activecountermeasures.com/new-beacon-graph-in-the-works/)
165 | - 2018.04 [3gstudent] [Reproducing the CIA Hive Beacon Infrastructure, Part 2: HTTPS Traffic Distribution with Apache mod_rewrite](https://3gstudent.github.io/3gstudent.github.io/CIA-Hive-Beacon-Infrastructure%E5%A4%8D%E7%8E%B02-%E4%BD%BF%E7%94%A8Apache-mod_rewrite%E5%AE%9E%E7%8E%B0https%E6%B5%81%E9%87%8F%E5%88%86%E5%8F%91/)
166 | - 2018.04 [3gstudent] [Reproducing the CIA Hive Beacon Infrastructure, Part 2: HTTPS Traffic Distribution with Apache mod_rewrite](https://3gstudent.github.io/3gstudent.github.io/CIA-Hive-Beacon-Infrastructure%E5%A4%8D%E7%8E%B02-%E4%BD%BF%E7%94%A8Apache-mod_rewrite%E5%AE%9E%E7%8E%B0https%E6%B5%81%E9%87%8F%E5%88%86%E5%8F%91/)
167 | - 2018.04 [3gstudent] [Reproducing the CIA Hive Beacon Infrastructure, Part 1: HTTP Traffic Distribution with Apache mod_rewrite](https://3gstudent.github.io/3gstudent.github.io/CIA-Hive-Beacon-Infrastructure%E5%A4%8D%E7%8E%B01-%E4%BD%BF%E7%94%A8Apache-mod_rewrite%E5%AE%9E%E7%8E%B0http%E6%B5%81%E9%87%8F%E5%88%86%E5%8F%91/)
168 | - 2018.04 [3gstudent] [Reproducing the CIA Hive Beacon Infrastructure, Part 1: HTTP Traffic Distribution with Apache mod_rewrite](https://3gstudent.github.io/3gstudent.github.io/CIA-Hive-Beacon-Infrastructure%E5%A4%8D%E7%8E%B01-%E4%BD%BF%E7%94%A8Apache-mod_rewrite%E5%AE%9E%E7%8E%B0http%E6%B5%81%E9%87%8F%E5%88%86%E5%8F%91/)
169 | - 2018.04 [rvrsh3ll] [Redirecting Cobalt Strike DNS Beacons](https://medium.com/p/e3dcdb5a8b9b)
170 | - 2018.02 [census] [The Known Beacons Attack (34th Chaos Communication Congress)](https://census-labs.com/news/2018/02/01/known-beacons-attack-34c3/)
171 | - 2017.06 [cobaltstrike] [OPSEC Considerations for Beacon Commands](https://blog.cobaltstrike.com/2017/06/23/opsec-considerations-for-beacon-commands/)
172 | - 2017.06 [360] [Detecting Malware Communication "Beaconing" with Flare, Elastic Stack, and IDS](https://www.anquanke.com/post/id/86285/)
173 | - 2017.06 [social] [Web Beacons for Social Engineering Reconnaissance](https://www.social-engineer.org/general-blog/web-beacons-social-engineering-reconnaissance/)
174 | - 2017.06 [austintaylor] [Detecting Beaconing (Malware's Periodic Communication with C&C) with Flare, ElasticStack, and IDS](http://www.austintaylor.io/detect/beaconing/intrusion/detection/system/command/control/flare/elastic/stack/2017/06/10/detect-beaconing-with-flare-elasticsearch-and-intrusion-detection-systems/)
175 | - 2017.06 [longtermsec] [Chrome just hardened the Navigator Beacon API against Cross-Site-Request-Forgery (CSRF)](https://medium.com/p/690239ccccf)
176 | - 2017.02 [freebuf] [Notes on Using Cobalt Strike's DNS Beacon](http://www.freebuf.com/sectool/127125.html)
177 | - 2016.11 [jerrygamblin] [Spoofing Beacon Frames From The 5000 Most Common SSIDS](https://jerrygamblin.com/2016/11/27/spoofing-the-top-5000-ssids/)
178 | - 2016.10 [rvrsh3ll] [Redirecting Cobalt Strike DNS Beacons](http://www.rvrsh3ll.net/blog/offensive/redirecting-cobalt-strike-dns-beacons/)
179 | - 2016.09 [christophertruncer] [Receiving Text Messages for your Incoming Beacons](https://www.christophertruncer.com/receiving-text-messages-for-your-incoming-beacons/)
180 | - 2016.07 [] [Forging WiFi Beacon Frames Using Scapy](https://www.4armed.com/blog/forging-wifi-beacon-frames-using-scapy/)
181 | - 2016.05 [breakpoint] [Using Python to Decrypt Dispind.A and Helminth HTTP Beacons](https://breakpoint-labs.com/blog/using-python-to-decrypt-dispind-a-and-helminth-http-beacons/)
182 | - 2016.05 [arxiv] [[1605.04559] Bitcoin Beacon](https://arxiv.org/abs/1605.04559)
183 | - 2015.11 [freebuf] [Sniffing Bluetooth and Replaying iBeacon Signals with HackRF](http://www.freebuf.com/articles/wireless/86345.html)
184 | - 2015.11 [alienvault] [Ultrasound Tracking Beacons Making Things Sort of Creepy For Consumers](https://www.alienvault.com/blogs/security-essentials/ultrasound-tracking-beacons-making-things-sort-of-creepy-for-consumers)
185 | - 2015.10 [z4ziggy] [Exploring Bluetooth & iBeacons – from software to radio signals and back.](https://z4ziggy.wordpress.com/2015/10/01/exploring-bluetooth-and-ibeacons-from-software-to-radio-signals-and-back/)
186 | - 2015.09 [christophertruncer] [Upgrading Your Shells to Beacons](https://www.christophertruncer.com/upgrade-your-shells-to-beacons/)
187 | - 2015.07 [securitykitten] [Finding Beacons With Bro](http://securitykitten.github.io/finding-beacons-with-bro/)
188 | - 2015.04 [arxiv] [[1504.07192] Location-aware sign-on and key exchange using attribute-based encryption and Bluetooth beacons](https://arxiv.org/abs/1504.07192)
189 | - 2015.01 [securityriskadvisors] [Beaconing Past McAfee ePO](http://securityriskadvisors.com/blog/post/beaconing-past-mcafee-epo/)
190 | - 2014.10 [sans] [CSAM: Be Wary of False Beacons](https://isc.sans.edu/forums/diary/CSAM+Be+Wary+of+False+Beacons/18813/)
191 | - 2014.08 [freebuf] [BTLE/BT4.0 Bluetooth Low Energy Wireless Packet Sender (Can Emulate iBeacon, Link Establishment, Communication, etc.)](http://www.freebuf.com/sectool/40078.html)
192 | - 2014.05 [rsa] [Sality Botnet Beacons Change- How to Detect It](https://community.rsa.com/community/products/netwitness/blog/2014/05/09/sality-botnet-beacons-change-how-to-detect-it)
193 | - 2014.05 [metaflows] [Got Beacons?](https://www.metaflows.com/blog/got-beacons/)
194 | - 2014.02 [rsa] [Detecting the Zusy Botnet Beaconing](https://community.rsa.com/community/products/netwitness/blog/2014/02/20/detecting-the-zusy-botnet-beaconing)
195 | - 2013.11 [freebuf] [Some Tips on Analyzing Cobalt Strike's beacon.dll](http://www.freebuf.com/articles/system/18404.html)
196 | - 2012.12 [arxiv] [[1212.2404] A beaconing approach whith key exchange in vehicular ad hoc networks](https://arxiv.org/abs/1212.2404)
197 | - 2012.10 [toolswatch] [New feature “Beacon” added to Cobalt Strike](http://www.toolswatch.org/2012/10/new-feature-beacon-added-to-cobalt-strike/)
198 | - 2012.07 [talosintelligence] [Banking Trojan Spread Via UPS Phish Uses 0xDEADBEEF Beacon](https://blog.talosintelligence.com/2012/07/banking-trojan-spread-via-ups-phish.html)
199 |
200 |
201 | # Listener
202 |
203 |
204 | ***
205 |
206 |
207 | ## Tools
208 |
209 |
210 | - [**49** stars][20d] [Shell] [taherio/redi](https://github.com/taherio/redi) Automated script for setting up CobaltStrike redirectors (nginx reverse proxy, letsencrypt)
211 |
212 |
213 | # Aggressor Script
214 |
215 |
216 | ***
217 |
218 |
219 | ## Tools
220 |
221 |
222 | - [**758** stars][8m] [C#] [harleyqu1nn/aggressorscripts](https://github.com/harleyqu1nn/aggressorscripts) A collection of Cobalt Strike 3.0+ Aggressor scripts
223 | - [**378** stars][2y] [bluscreenofjeff/aggressorscripts](https://github.com/bluscreenofjeff/aggressorscripts) Aggressor scripts for use with Cobalt Strike 3.0+
224 | - [**369** stars][18d] [Java] [rsmudge/cortana-scripts](https://github.com/rsmudge/cortana-scripts) A collection of Cortana scripts that you may use with Armitage and Cobalt Strike 2.x. Cortana Scripts are not compatible with Cobalt Strike 3.x. Cobalt Strike 3.x uses a variant of Cortana called Aggressor Script.
225 | - [**252** stars][3y] [PS] [und3rf10w/aggressor-scripts](https://github.com/und3rf10w/aggressor-scripts) Aggressor scripts I've made for Cobalt Strike
226 | - [**215** stars][2y] [C#] [spiderlabs/sharpcompile](https://github.com/spiderlabs/sharpcompile) SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing…
227 | - [**175** stars][22d] [uknowsec/sharptoolsaggressor](https://github.com/uknowsec/sharptoolsaggressor) C# programs commonly used in internal network penetration testing, bundled into CS scripts and loaded directly in memory. Continuously updated.
228 | - [**174** stars][2y] [ramen0x3f/aggressorscripts](https://github.com/ramen0x3f/aggressorscripts) audit your machines or machines you're authorized to audit
229 | - [**144** stars][4m] [PS] [vysecurity/aggressor-vysec](https://github.com/vysecurity/Aggressor-VYSEC) CobaltStrike Aggressor Scripts
230 | - [**126** stars][2y] [zonksec/persistence-aggressor-script](https://github.com/zonksec/persistence-aggressor-script) initial commit
231 | - [**102** stars][2y] [PS] [rhinosecuritylabs/aggressor-scripts](https://github.com/rhinosecuritylabs/aggressor-scripts) Aggregation of Cobalt Strike's aggressor scripts.
232 | - [**101** stars][27d] [001spartan/aggressor_scripts](https://github.com/001spartan/aggressor_scripts) A collection of useful scripts for Cobalt Strike
233 | - [**97** stars][2y] [PS] [rasta-mouse/aggressor-script](https://github.com/rasta-mouse/aggressor-script) Collection of Aggressor Scripts for Cobalt Strike
234 | - [**93** stars][4m] [Py] [fortynorthsecurity/aggressorassessor](https://github.com/fortynorthsecurity/aggressorassessor) Aggressor scripts for phases of a pen test or red team assessment
235 | - [**87** stars][22d] [k8gege/aggressor](https://github.com/k8gege/Aggressor) Ladon for Cobalt Strike, Large Network Penetration Scanner, vulnerability / exploit / detection / MS17010 / password/brute-force
236 | - [**87** stars][22d] [k8gege/aggressor](https://github.com/k8gege/aggressor) Ladon for Cobalt Strike, Large Network Penetration Scanner, vulnerability / exploit / detection / MS17010 / password/brute-force
237 | - [**73** stars][27d] [vysecurity/cve-2018-4878](https://github.com/vysecurity/CVE-2018-4878) Aggressor Script to launch IE driveby for CVE-2018-4878
238 | - [**68** stars][2y] [tevora-threat/powerview3-aggressor](https://github.com/tevora-threat/powerview3-aggressor) Cobalt Strike Aggressor script menu for Powerview/SharpView
239 | - [**57** stars][2y] [PS] [invokethreatguy/csasc](https://github.com/invokethreatguy/csasc) Cobalt Strike Aggressor Script Collection
240 | - [**46** stars][4m] [Py] [coalfire-research/vampire](https://github.com/coalfire-research/vampire) Vampire is an aggressor script which integrates with BloodHound to mark nodes as owned.
241 | - [**46** stars][16d] [JS] [threatexpress/aggressor-scripts](https://github.com/threatexpress/aggressor-scripts) Cobalt Strike Aggressor Scripts
242 | - [**43** stars][27d] [tevora-threat/aggressor-powerview](https://github.com/tevora-threat/aggressor-powerview) PowerView menu for Cobalt Strike
243 | - [**39** stars][2y] [secgroundzero/cs-aggressor-scripts](https://github.com/secgroundzero/cs-aggressor-scripts) Aggressor Scripts for Cobalt Strike
244 | - [**30** stars][17d] [mgeeky/cobalt-arsenal](https://github.com/mgeeky/cobalt-arsenal) My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+
245 | - [**25** stars][6m] [scanfsec/cve-2018-15982](https://github.com/scanfsec/cve-2018-15982) Aggressor Script to launch IE driveby for CVE-2018-15982.
246 | - [**22** stars][3y] [PS] [oldb00t/aggressorscripts](https://github.com/oldb00t/aggressorscripts) Cobaltstrike Aggressor Scripts
247 | - [**22** stars][12m] [superdong0/aggressor_mail](https://github.com/superdong0/aggressor_mail) beacon,aggressor-scripts,cna,cobalt-strike,email
248 | - [**18** stars][3m] [mdsecactivebreach/execute-githubassembly-aggressor](https://github.com/mdsecactivebreach/execute-githubassembly-aggressor) Aggressor Script to Execute Assemblies from Github
249 | - [**1** star][8m] [kingsabri/aggressorscripts](https://github.com/kingsabri/aggressorscripts) A collection of Cobalt Strike aggressor scripts
250 | - [**None** stars][C] [timwhitez/cobalt-strike-aggressor-scripts](https://github.com/timwhitez/cobalt-strike-aggressor-scripts) Cobalt Strike Aggressor plugin pack
251 |
252 |
253 | ***
254 |
255 |
256 | ## Articles
257 |
258 |
259 | - 2019.06 [rastamouse] [The Return of Aggressor](https://rastamouse.me/2019/06/the-return-of-aggressor/)
260 | - 2018.07 [tevora] [A SharpView and More Aggressor](https://threat.tevora.com/a-sharpview-and-more-aggressor/)
261 | - 2018.03 [tevora] [Aggressor PowerView](http://threat.tevora.com/aggressor-powerview/)
262 | - 2018.03 [] [Aggressor 101: Unleashing Cobalt Strike for Fun and Profit](https://medium.com/p/879bf22cea31)
263 | - 2018.02 [360] [Advanced Cobalt Strike Tutorial: Writing Email Alerts for New Target Check-Ins with Aggressor Script](https://www.anquanke.com/post/id/98829/)
264 | - 2016.11 [bluescreenofjeff] [Beaconpire - Cobalt Strike and Empire Interoperability with Aggressor Script](https://bluescreenofjeff.com/2016-11-29-beaconpire-cobalt-strike-and-empire-interoperability-with-aggressor-script/)
265 | - 2016.09 [bluescreenofjeff] [Adding Easy GUIs to Aggressor Scripts](https://bluescreenofjeff.com/2016-09-07-adding-easy-guis-to-aggressor-scripts/)
266 | - 2016.05 [zonksec] [Persistence Aggressor Script](https://zonksec.com/blog/persistence-aggressor-script/)
267 |
268 |
269 | # Recently Added
270 |
271 |
272 | ***
273 |
274 |
275 | ## Tools
276 |
277 |
278 | - [**822** stars][4m] [aleenzz/cobalt_strike_wiki](https://github.com/aleenzz/cobalt_strike_wiki) Cobalt Strike series
279 | - [**409** stars][2y] [Shell] [killswitch-gui/cobaltstrike-toolkit](https://github.com/killswitch-gui/cobaltstrike-toolkit) Some useful scripts for CobaltStrike
280 | - [**398** stars][21d] [Py] [vysecurity/morphhta](https://github.com/vysecurity/morphHTA) morphHTA - Morphing Cobalt Strike's evil.HTA
281 | - [**225** stars][4m] [PS] [outflanknl/excel4-dcom](https://github.com/outflanknl/excel4-dcom) PowerShell and Cobalt Strike scripts for lateral movement by executing Excel 4.0/XLM macros via DCOM (direct shellcode injection into Excel.exe)
282 | - [**224** stars][3m] [gloxec/crossc2](https://github.com/gloxec/crossc2) generate CobaltStrike's cross-platform payload
283 | - [**213** stars][18d] [PS] [vysecurity/angrypuppy](https://github.com/vysecurity/ANGRYPUPPY) Bloodhound Attack Path Automation in CobaltStrike
284 | - [**193** stars][4m] [PS] [phink-team/cobaltstrike-ms17-010](https://github.com/phink-team/cobaltstrike-ms17-010) cobaltstrike ms17-010 module and some other
285 | - [**190** stars][17d] [Py] [threatexpress/cs2modrewrite](https://github.com/threatexpress/cs2modrewrite) Convert Cobalt Strike profiles to modrewrite scripts
286 | - [**150** stars][22d] [C#] [josephkingstone/cobalt_strike_extension_kit](https://github.com/josephkingstone/cobalt_strike_extension_kit) Tired of typing execute-assembly everytime you use Cobalt Strike? Clone this.
287 | - [**117** stars][5m] [Py] [verctor/cs_xor64](https://github.com/verctor/cs_xor64) cobaltstrike xor64.bin completion project
288 | - [**115** stars][2y] [ridter/cs_chinese_support](https://github.com/ridter/cs_chinese_support) Cobalt Strike modification to support displaying Chinese output.
289 | - [**110** stars][18d] [fox-it/cobaltstrike-extraneous-space](https://github.com/fox-it/cobaltstrike-extraneous-space) Historical list of {Cobalt Strike,NanoHTTPD} servers
290 | - [**101** stars][3y] [Py] [mr-un1k0d3r/sct-obfuscator](https://github.com/mr-un1k0d3r/sct-obfuscator) Cobalt Strike SCT payload obfuscator
291 | - [**91** stars][4m] [0xthirteen/staykit](https://github.com/0xthirteen/staykit) Cobalt Strike kit for Persistence
292 | - [**89** stars][5m] [C#] [jnqpblc/sharpspray](https://github.com/jnqpblc/sharpspray) SharpSpray a simple code set to perform a password spraying attack against all users of a domain using LDAP and is compatible with Cobalt Strike.
293 | - [**89** stars][17d] [Py] [k8gege/scrun](https://github.com/k8gege/scrun) BypassAV ShellCode Loader (Cobaltstrike/Metasploit)
294 | - [**88** stars][1y] [Py] [dcsync/pycobalt](https://github.com/dcsync/pycobalt) Cobalt Strike API, Python version
295 | - [**87** stars][1m] [Py] [ryanohoro/csbruter](https://github.com/ryanohoro/csbruter) Cobalt Strike team server password brute force tool
296 | - [**82** stars][2y] [java] [anbai-inc/cobaltstrike_hanization](https://github.com/anbai-inc/cobaltstrike_hanization) CobaltStrike 2.5 Chinese-localized version
297 | - [**73** stars][4m] [C#] [0xthirteen/movekit](https://github.com/0xthirteen/movekit) Cobalt Strike kit for Lateral Movement
298 | - [**56** stars][4m] [1135/1135-cobaltstrike-toolkit](https://github.com/1135/1135-cobaltstrike-toolkit) about CobaltStrike
299 | - [**51** stars][3y] [p292/ddeautocs](https://github.com/p292/ddeautocs) A cobaltstrike script that integrates DDEAuto Attacks
300 | - [**45** stars][4m] [C#] [jnqpblc/sharptask](https://github.com/jnqpblc/sharptask) SharpTask is a simple code set to interact with the Task Scheduler service api and is compatible with Cobalt Strike.
301 | - [**45** stars][28d] [vysecurity/cobaltsplunk](https://github.com/vysecurity/CobaltSplunk) Splunk Dashboard for CobaltStrike logs
302 | - [**41** stars][3y] [Go] [empty-nest/emptynest](https://github.com/empty-nest/emptynest) A plugin-based C2 server framework. Its goal is not to replace powerful tools (such as Empire, Metasploit, CobaltStrike) but to create a supporting framework for quickly building small, purpose-built handlers for custom agents
303 | - [**33** stars][3m] [tom4t0/cobalt-strike-persistence](https://github.com/tom4t0/cobalt-strike-persistence) cobalt strike auto-start script
304 | - [**30** stars][5m] [C#] [mr-un1k0d3r/remoteprocessinjection](https://github.com/mr-un1k0d3r/remoteprocessinjection) C# remote process injection utility for Cobalt Strike
305 | - [**29** stars][6m] [redteamwing/cobaltstrike_wiki](https://github.com/redteamwing/cobaltstrike_wiki) Cobalt Strike 3.12 Chinese documentation
306 | - [**27** stars][2m] [johnnydep/cobaltstrike](https://github.com/johnnydep/cobaltstrike) cobalt strike stuff I have gathered from around github
307 | - [**24** stars][21d] [HTML] [ridter/cs_custom_404](https://github.com/ridter/cs_custom_404) Cobalt strike custom 404 page
308 | - [**22** stars][5m] [Py] [k8gege/pyladon](https://github.com/k8gege/pyladon) Ladon For Python, Large Network Penetration Scanner & Cobalt Strike, vulnerability / exploit / detection / MS17010
309 | - [**19** stars][2m] [icebearfriend/quickrundown](https://github.com/icebearfriend/quickrundown) Smart overlay for Cobalt Strike PS function
310 | - [**17** stars][4m] [Py] [attactics/cslogwatch](https://github.com/attactics/cslogwatch) Cobalt Strike log state tracking, parsing, and storage
311 | - [**14** stars][2m] [TS] [hattmo/c2profilejs](https://github.com/hattmo/c2profilejs) Web UI for creating C2 profiles for Cobalt Strike
312 | - [**9** stars][2y] [Zeek] [sjosz/cnc-detection](https://github.com/sjosz/cnc-detection) Detecting PowerShell Empire, Metasploit Meterpreter and Cobalt Strike agents by payload size sequence analysis and host correlation
313 | - [**3** stars][3m] [Shell] [war-horse/docker-cobaltstrike](https://github.com/war-horse/docker-cobaltstrike) A Cobaltstrike container, built for Warhorse
314 | - [**None** stars][C++] [outflanknl/spray-ad](https://github.com/outflanknl/spray-ad) A Cobalt Strike tool to audit Active Directory user accounts for weak, well known or easy guessable passwords.
315 | - [**None** stars][hack2fun/bypassav](https://github.com/hack2fun/bypassav) Cobalt Strike plugin for quickly generating AV-evading executables
316 | - [**None** stars][PS] [k8gege/powerladon](https://github.com/k8gege/powerladon) Large Network Penetration Scanner & Cobalt Strike, Ladon for PowerShell, vulnerability / exploit / detection / MS17010
317 |
318 |
319 | ***
320 |
321 |
322 | ## Articles
323 |
324 |
325 | - 2020.04 [venus] [Special Analysis of In-the-Wild Use of the Penetration Tool Cobalt Strike](https://paper.seebug.org/1190/)
326 | - 2020.04 [t00ls] [CobaltStrike Powershell Bypass AV: A First Look](https://www.t00ls.net/articles-55754.html)
327 | - 2020.04 [securelist] [Loncom packer: from backdoors to Cobalt Strike](https://securelist.com/loncom-packer-from-backdoors-to-cobalt-strike/96465/)
328 | - 2020.03 [freebuf] [Cobalt Strike: Notes on Pitfalls Hit and Fixed](https://www.freebuf.com/sectool/229965.html)
329 | - 2020.03 [venus] [Cobalt Strike 4.0 Manual: Advanced Threat Tactics for Penetration Testers](https://paper.seebug.org/1143/)
330 | - 2020.03 [cobaltstrike] [Cobalt Strike joins Core Impact at HelpSystems, LLC](https://blog.cobaltstrike.com/2020/03/04/cobalt-strike-joins-core-impact-at-helpsystems-llc/)
331 | - 2020.02 [freebuf] [Featured Open Course | CobaltStrike from Basics to Advanced](https://www.freebuf.com/open/227850.html)
332 | - 2020.01 [malware] [2020-01-21 - HANCITOR INFECTION WITH COBALT STRIKE](http://malware-traffic-analysis.net/2020/01/21/index2.html)
333 | - 2020.01 [freebuf] [Intranet Penetration Lab: A Series of Experiments Based on Cobaltstrike](https://www.freebuf.com/vuls/224507.html)
334 | - 2019.12 [4hou] [Analysis of Using Cobalt Strike's blockdlls](https://www.4hou.com/technology/22043.html)
335 | - 2019.12 [malware] [2019-12-10 - DATA DUMP: HANCITOR INFECTION WITH URSNIF AND COBALT STRIKE](http://malware-traffic-analysis.net/2019/12/10/index.html)
336 | - 2019.12 [cobaltstrike] [Cobalt Strike 4.0 – Bring Your Own Weaponization](https://blog.cobaltstrike.com/2019/12/05/cobalt-strike-4-0-bring-your-own-weaponization/)
337 | - 2019.11 [ColinHardy] [Excel 4.0 Macros Analysis - Cobalt Strike Shellcode Injection](https://www.youtube.com/watch?v=XnN_UWfHlNM)
338 | - 2019.11 [3gstudent] [Analysis of Using Cobalt Strike's blockdlls](https://3gstudent.github.io/3gstudent.github.io/Cobalt_Strike%E7%9A%84blockdlls%E5%88%A9%E7%94%A8%E5%88%86%E6%9E%90/)
339 | - 2019.11 [ironcastle] [Hancitor infection with Pony, Evil Pony, Ursnif, and Cobalt Strike, (Wed, Nov 20th)](https://www.ironcastle.net/hancitor-infection-with-pony-evil-pony-ursnif-and-cobalt-strike-wed-nov-20th/)
340 | - 2019.11 [aliyun] [Cobaltstrike Server Persistence & Spawning Shells Between Cobaltstrike and Metasploit](https://xz.aliyun.com/t/6722)
341 | - 2019.09 [aliyun] [Cobalt Strike Process Injection in Detail](https://xz.aliyun.com/t/6205)
342 | - 2019.09 [aliyun] [Official Guide to CobaltStrike Plugin Development Part3](https://xz.aliyun.com/t/6189)
343 | - 2019.09 [aliyun] [Official Guide to CobaltStrike Plugin Development Part3](https://xz.aliyun.com/t/6188)
344 | - 2019.08 [cobaltstrike] [Cobalt Strike’s Process Injection: The Details](https://blog.cobaltstrike.com/2019/08/21/cobalt-strikes-process-injection-the-details/)
345 | - 2019.08 [freebuf] [The Art of Bundling Backdoors with CobaltStrike](https://www.freebuf.com/sectool/210416.html)
346 | - 2019.08 [blackhillsinfosec] [Using CloudFront to Relay Cobalt Strike Traffic](https://www.blackhillsinfosec.com/using-cloudfront-to-relay-cobalt-strike-traffic/)
347 | - 2019.08 [aliyun] [Official Guide to CobaltStrike Plugin Development Part2](https://xz.aliyun.com/t/5892)
348 | - 2019.08 [aliyun] [Official Guide to CobaltStrike Plugin Development Part1](https://xz.aliyun.com/t/5887)
349 | - 2019.08 [aliyun] [A First Look at CobaltStrike Persistence and Its Automation](https://xz.aliyun.com/t/5881)
350 | - 2019.08 [4hou] [The Art of Bundling Backdoors -- CobaltStrike backdoor Analysis](https://www.4hou.com/tools/19585.html)
351 | - 2019.07 [malware] [2019-07-22 - HANCITOR-STYLE AMADEY MALSPAM PUSHES PONY & COBALT STRIKE](http://malware-traffic-analysis.net/2019/07/25/index.html)
352 | - 2019.07 [malware] [2019-07-22 - HANCITOR SWITCHES TO AMADEY, STILL PUSHING PONY/URSNIF/COBALT STRIKE](http://malware-traffic-analysis.net/2019/07/22/index.html)
353 | - 2019.07 [malware] [2019-07-03 - QUICK POST: HANCITOR INFECTION WITH COBALT STRIKE](http://malware-traffic-analysis.net/2019/07/03/index.html)
354 | - 2019.07 [malware] [2019-07-02 - QUICK POST: HANCITOR INFECTION WITH COBALT STRIKE](http://malware-traffic-analysis.net/2019/07/02/index2.html)
355 | - 2019.06 [evi1cg] [Cobalt Strike Spear Phish](https://evi1cg.me/archives/spear_phish.html)
356 | - 2019.05 [rsa] [Detecting Command and Control in RSA NetWitness: Cobalt Strike](https://community.rsa.com/community/products/netwitness/blog/2019/05/28/detecting-command-and-control-in-rsa-netwitness-cobalt-strike)
357 | - 2019.05 [cobaltstrike] [Cobalt Strike 3.14 – Post-Ex Omakase Shimasu](https://blog.cobaltstrike.com/2019/05/02/cobalt-strike-3-14-post-ex-omakase-shimasu/)
358 | - 2019.04 [pentestpartners] [Cobalt Strike. Walkthrough for Red Teamers](https://www.pentestpartners.com/security-blog/cobalt-strike-walkthrough-for-red-teamers/)
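359 | - 2019.04 [4hou] [Analysis of the “Double Agent” Identity of the Penetration Testing Tool Cobalt Strike](https://www.4hou.com/web/16613.html)
360 | - 2019.02 [aliyun] [The Penetration Tool Cobalt Strike - Part 2: APT-Level Full AV Evasion versus Enterprise Defense in Depth](https://xz.aliyun.com/t/4191)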
361 | - 2019.02 [obscuritylabs] [Installing CobaltStrike on Ubuntu 18.04](https://obscuritylabs.com/blog/2019/02/23/installing-cobaltstrike-on-ubuntu-18-04/)
362 | - 2019.02 [obscuritylabs] [Installing CobaltStrike on Ubuntu 18.04](https://blog.obscuritylabs.com/install/)
363 | - 2019.02 [4hou] [Bypassing Antivirus Memory Scanning with Cobalt Strike and Gargoyle](http://www.4hou.com/binary/16203.html)
364 | - 2019.01 [xpnsec] [How to Argue like Cobalt Strike](https://blog.xpnsec.com/how-to-argue-like-cobalt-strike/)
365 | - 2019.01 [cobaltstrike] [Cobalt Strike 3.13 – Why do we argue?](https://blog.cobaltstrike.com/2019/01/02/cobalt-strike-3-13-why-do-we-argue/)
366 | - 2018.11 [olafhartong] [Cobalt Strike Remote Threads detection](https://medium.com/p/206372d11d0f)
367 | - 2018.09 [crowdstrike] [Meet CrowdStrike’s Adversary of the Month for September: COBALT SPIDER](https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-september-cobalt-spider/)
368 | - 2018.09 [cobaltstrike] [Cobalt Strike 3.12 – Blink and you’ll miss it](https://blog.cobaltstrike.com/2018/09/06/cobalt-strike-3-12-blink-and-youll-miss-it/)
369 | - 2018.08 [freebuf] [Let's See What Cobaltstrike and Armitage Can Achieve Working Together](http://www.freebuf.com/sectool/180395.html)
370 | - 2018.07 [f] [Bypassing Memory Scanners with Cobalt Strike and Gargoyle](https://labs.f-secure.com/blog/experimenting-bypassing-memory-scanners-with-cobalt-strike-and-gargoyle/)
371 | - 2018.07 [mwrinfosecurity] [Bypassing Memory Scanners with Cobalt Strike and Gargoyle](https://labs.mwrinfosecurity.com/blog/experimenting-bypassing-memory-scanners-with-cobalt-strike-and-gargoyle/)
372 | - 2018.04 [cobaltstrike] [Cobalt Strike 3.11 – The snake that eats its tail](https://blog.cobaltstrike.com/2018/04/09/cobalt-strike-3-11-the-snake-that-eats-its-tail/)
373 | - 2018.04 [4hou] [(Update) Cobalt strike3.8 Chinese Support](http://www.4hou.com/technology/10933.html)
374 | - 2018.04 [evi1cg] [Cobalt strike3.8 Chinese Support (Update)](https://evi1cg.me/archives/CS3_8_chinese_support.html)
375 | - 2018.03 [360] [Cobalt Strike: Bypassing Windows Defender with Obfuscation](https://www.anquanke.com/post/id/101308/)
376 | - 2018.03 [aliyun] [Cobalt Strike: Bypassing Windows Defender Using Obfuscation](https://xz.aliyun.com/t/2173)
377 | - 2018.03 [aliyun] [(Software Security) Patch Cobalt Strike3.8: Removing the Backdoor and Repairing Features](https://xz.aliyun.com/t/2170)
378 | - 2018.03 [] [Cobalt Strike Visualizations](https://medium.com/p/e6a6e841e16b)
379 | - 2018.03 [offensiveops] [Bypassing Windows Defender with Obfuscation](http://www.offensiveops.io/tools/cobalt-strike-bypassing-windows-defender-with-obfuscation/)
380 | - 2018.03 [360] [Use of DNS Covert Tunnels in Cobalt Strike, and Detection with DLP](https://www.anquanke.com/post/id/99408/)
381 | - 2018.01 [4hou] [Introduction to cobalt strike OPSEC Profiles](http://www.4hou.com/technology/10095.html)
382 | - 2018.01 [bluescreenofjeff] [Cobalt Strike OPSEC Profiles](https://bluescreenofjeff.com/2018-01-23-cobalt-strike-opsec-profiles/)
383 | - 2017.12 [freebuf] [Cobalt Strike Practical Tips: Persistent Access Control Techniques](http://www.freebuf.com/sectool/157952.html)
384 | - 2017.12 [cobaltstrike] [Cobalt Strike 3.10 – Хакер vs. 肉雞](https://blog.cobaltstrike.com/2017/12/11/cobalt-strike-3-10-%d1%85%d0%b0%d0%ba%d0%b5%d1%80-vs-%e8%82%89%e9%9b%9e/)
385 | - 2017.12 [threatexpress] [Slack Notifications for Cobalt Strike](http://threatexpress.com/blogs/2016/slack-notifications-for-cobalt-strike/)
386 | - 2017.12 [blackhillsinfosec] [A Morning with Cobalt Strike & Symantec](https://www.blackhillsinfosec.com/morning-cobalt-strike-symantec/)
387 | - 2017.11 [riskiq] [Gaffe Reveals Full List of Targets in Spear Phishing Attack Using Cobalt Strike Against Financial Institutions](https://www.riskiq.com/blog/labs/cobalt-strike/)
388 | - 2017.11 [fortinet] [Cobalt Malware Strikes Using CVE-2017-11882 RTF Vulnerability](https://blog.fortinet.com/2017/11/27/cobalt-malware-strikes-using-cve-2017-11882-rtf-vulnerability)
389 | - 2017.11 [fortinet] [FortiGuard Labs Discovers Malware Attacking via the RTF Vulnerability CVE-2017-11882](https://www.fortinet.com/blog/threat-research/cobalt-malware-strikes-using-cve-2017-11882-rtf-vulnerability.html)
390 | - 2017.11 [trendmicro] [Hacking Group Cobalt Uses the CVE-2017-8759 Vulnerability to Attack Russian Banks](https://blog.trendmicro.com/trendlabs-security-intelligence/cobalt-spam-runs-use-macros-cve-2017-8759-exploit/)
391 | - 2017.10 [secvul] [Four Scenarios for Combining Metasploit and Cobalt Strike](https://secvul.com/topics/862.html)
392 | - 2017.10 [360] [How to Build a Cobalt Strike C2 Channel Using the Tasks Feature of Office 365](https://www.anquanke.com/post/id/86974/)
393 | - 2017.09 [rsa] [Malspam delivers Cobalt Strike payload 9-19-2017](https://community.rsa.com/community/products/netwitness/blog/2017/09/25/malspam-delivers-cobalt-strike-payload-9-19-2017)
394 | - 2017.09 [mwrinfosecurity] [“Tasking” Office 365 for Cobalt Strike C2](https://labs.mwrinfosecurity.com/blog/tasking-office-365-for-cobalt-strike-c2/)
395 | - 2017.09 [cobaltstrike] [Cobalt Strike 3.9 – Livin’ in a Stager’s Paradise](https://blog.cobaltstrike.com/2017/09/20/cobalt-strike-3-9-livin-in-a-stagers-paradise/)
396 | - 2017.09 [evi1cg] [cobaltstrike3.8 Cracked Version](https://evi1cg.me/archives/CobaltStrike_3_8_Cracked-html.html)
397 | - 2017.06 [vkremez] [Let's Learn (DIY): Sophisticated Cobalt Strike Gang's CVE-2017-0199 Loader](https://www.vkremez.com/2017/06/lets-learn-diy-sophisticated-cobalt.html)
398 | - 2017.05 [cobaltstrike] [Cobalt Strike 3.8 – Who’s Your Daddy?](https://blog.cobaltstrike.com/2017/05/23/cobalt-strike-3-8-whos-your-daddy/)
399 | - 2017.05 [freebuf] [Cobalt Strike Study Notes (Continuously Updated)](http://www.freebuf.com/sectool/133369.html)
400 | - 2017.04 [ecforce] [CVE-2017-0199 exploitation with Cobalt Strike tutorial](https://www.secforce.com/blog/2017/04/cve-2017-0199-exploitation-with-cobalt-strike-tutorial/)
401 | - 2017.04 [trustedsec] [Equation Group Dump Analysis and Full RCE on Win7 on MS17-010 with Cobalt Strike](https://www.trustedsec.com/2017/04/equation-group-dump-analysis-full-rce-win7-fully-patched-cobalt-strike/)
402 | - 2017.04 [aliyun] [Cobalt Strike Setup and Usage, and Bypassing Antivirus](https://xz.aliyun.com/t/199)
403 | - 2017.03 [cobaltstrike] [Cobalt Strike 3.7 – Cat, Meet Mouse](https://blog.cobaltstrike.com/2017/03/15/cobalt-strike-3-7-cat-meet-mouse/)
404 | - 2017.03 [freebuf] [Cobalt Strike Intranet Traversal: How to Set Up Your Own Cobalt Strike Server on the Internet](http://www.freebuf.com/articles/network/128121.html)
405 | - 2017.02 [zairon] [From RTF to Cobalt Strike passing via Flash](https://zairon.wordpress.com/2017/02/05/from-rtf-to-cobalt-strike-passing-via-flash/)
406 | - 2017.01 [freebuf] [Using Cobalt strike in Intranet Penetration](http://www.freebuf.com/sectool/125237.html)
407 | - 2017.01 [inspired] [WMI Persistence with Cobalt Strike](https://blog.inspired-sec.com/archive/2017/01/20/WMI-Persistence.html)
408 | - 2017.01 [freebuf] [Step-by-Step Guide to Sending Phishing Emails with Cobalt strike](http://www.freebuf.com/sectool/124905.html)
409 | - 2017.01 [freebuf] [Privilege Escalation Tool Cobalt Strike Releases Version 3.6](http://www.freebuf.com/sectool/122742.html)
410 | - 2016.12 [evi1cg] [cobaltstrike3.6 Cracked Version](https://evi1cg.me/archives/CobaltStrike_3_6_Cracked.html)
411 | - 2016.12 [cobaltstrike] [Cobalt Strike 3.6 – A Path for Privilege Escalation](https://blog.cobaltstrike.com/2016/12/08/cobalt-strike-3-6-a-path-for-privilege-escalation/)
412 | - 2016.12 [threatexpress] [Slack Notifications for Cobalt Strike](http://threatexpress.com/2016/12/slack-notifications-for-cobalt-strike/)
413 | - 2016.10 [cobaltstrike] [Cobalt Strike Tapas II](https://blog.cobaltstrike.com/2016/10/19/cobalt-strike-tapas-ii/)
414 | - 2016.10 [cobaltstrike] [Cobalt Strike 3.5.1 – Important Security Update](https://blog.cobaltstrike.com/2016/10/03/cobalt-strike-3-5-1-important-security-update/)
415 | - 2016.09 [cobaltstrike] [Cobalt Strike RCE. Active Exploitation Reported.](https://blog.cobaltstrike.com/2016/09/28/cobalt-strike-rce-active-exploitation-reported/)
416 | - 2016.09 [cobaltstrike] [Cobalt Strike 3.5 – UNIX Post Exploitation](https://blog.cobaltstrike.com/2016/09/22/cobalt-strike-3-5-unix-post-exploitation/)
417 | - 2016.09 [cobaltstrike] [Cobalt Strike Tapas](https://blog.cobaltstrike.com/2016/09/16/cobalt-strike-tapas/)
418 | - 2016.07 [cobaltstrike] [Cobalt Strike 3.4 – Operational Details](https://blog.cobaltstrike.com/2016/07/29/cobalt-strike-3-4-operational-details/)
419 | - 2016.07 [cobaltstrike] [HOWTO: Reset Your Cobalt Strike License Key](https://blog.cobaltstrike.com/2016/07/15/howto-reset-your-cobalt-strike-license-key/)
420 | - 2016.06 [bluescreenofjeff] [Cobalt Strike HTTP C2 Redirectors with Apache mod_rewrite](https://bluescreenofjeff.com/2016-06-28-cobalt-strike-http-c2-redirectors-with-apache-mod_rewrite/)
421 | - 2016.05 [freebuf] [Perfect Cracking Method for the Latest Version of CobaltStrike](http://www.freebuf.com/sectool/103766.html)
422 | - 2016.01 [evi1cg] [Strengthening Your Cobalt strike: Cortana](https://evi1cg.me/archives/Cortana.html)
423 | - 2015.12 [freebuf] [Installing and Cracking the Latest Cobalt Strike on Kali 2.0](http://www.freebuf.com/sectool/91144.html)
424 | - 2015.11 [evi1cg] [Cobalt strike3.0 User Manual](https://evi1cg.me/archives/Cobalt_strike.html)
425 | - 2015.10 [tan6600] [Installing Cobalt Strike on Kali 2.0](https://blog.csdn.net/tan6600/article/details/48845771)
426 | - 2015.09 [] [Primer: Cracking Cobaltstrike with a Single Statement](http://www.91ri.org/14324.html)
427 | - 2015.08 [freebuf] [How to Make a Cracked Version of Cobalt Strike v2.5](http://www.freebuf.com/sectool/76206.html)
428 | - 2015.01 [freebuf] [Automated Attack Testing Platform Cobalt Strike v2.3 Cracked Version](http://www.freebuf.com/sectool/57810.html)
429 | - 2014.09 [freebuf] [Automated Attack Testing Platform Cobalt Strike v2.1 (Cracked Version)](http://www.freebuf.com/sectool/44629.html)
430 | - 2014.08 [freebuf] [Automated Attack Testing Platform Cobalt Strike 2.0.49 Cracked Version](http://www.freebuf.com/sectool/41031.html)
431 | - 2014.01 [security] [Four Days with Cortana Script Engine - Cobalt Strike/Armitage](http://security-is-just-an-illusion.blogspot.com/2014/01/four-days-with-cortana-script-engine.html)
432 | - 2013.12 [security] [Three Days with Cortana Script Engine - Cobalt Strike/Armitage](http://security-is-just-an-illusion.blogspot.com/2013/11/two-days-with-cortana-script-engine.html)
433 | - 2013.12 [security] [Cobalt Strike Report Hosts *Mod*](http://security-is-just-an-illusion.blogspot.com/2013/12/cobalt-strike-report-hosts-mod.html)
434 | - 2013.12 [security] [Two Days with Cortana Script Engine - Cobalt Strike/Armitage](http://security-is-just-an-illusion.blogspot.com/2013/12/two-days-with-cortana-script-engine.html)
435 | - 2013.12 [security] [One Day with Cortana Script Engine - Cobalt Strike/Armitage](http://security-is-just-an-illusion.blogspot.com/2013/11/one-day-with-cortana-script-engine.html)
436 | - 2013.12 [freebuf] [Automated Attack Testing Platform Cobalt Strike 1.48 Cracked Version](http://www.freebuf.com/sectool/18888.html)
437 | - 2013.11 [freebuf] [Some Thoughts on "How to Install Cobalt Strike on windows 2008"](http://www.freebuf.com/articles/system/18180.html)
438 | - 2013.11 [freebuf] [How to Install Cobalt Strike on windows 2008](http://www.freebuf.com/articles/others-articles/18096.html)
439 | - 2013.08 [freebuf] [Cracking the Windows Version of Cobalt Strike](http://www.freebuf.com/sectool/11734.html)
440 | - 2013.04 [freebuf] [Cobalt Strike: The Commercial Version of Armitage](http://www.freebuf.com/sectool/8445.html)
441 | - 2012.08 [toolswatch] [Blackhat USA 2012: Interview with Raphael Mudge about Armitage (Also Introducing CobaltStrike)](http://www.toolswatch.org/2012/08/blackhat-usa-2012-interview-with-raphael-mudge-about-armitage-also-introducing-cobaltstrike/)
442 |
443 |
444 | # Contribute
445 | The content is automatically exported by the system; please open an issue if you have any problems.
446 |
--------------------------------------------------------------------------------
/Readme_en.md:
--------------------------------------------------------------------------------
1 | # [All Resource Collection Projects](https://github.com/alphaSeclab/all-my-collection-repos)
2 |
3 |
4 |
5 |
6 | # CobaltStrike
7 |
8 |
9 | - Resources about Cobalt Strike
10 |
11 |
12 | # Directory
13 | - [External C2](#354ab7654ce3b7c2bdaadd4b8cec655a) -> [(9)Tools](#f68ecdb8fb6ad2a853974daa90aed75d) [(10)Post](#3f8322b76fd5bf27bcced5676ecb23cb)
14 | - [Malleable C2](#3c7575eb27204dbf1ed80f96706c2967) -> [(6)Tools](#61838d4bce2285c7772b309c7bf77300) [(10)Post](#803659291490cf303d14af45bfededa8)
15 | - [Beacon](#403f0531bfef73b0950ebb204f8c943c) -> [(24)Tools](#d3f40c082e959ea8eb4972d192491986) [(63)Post](#9d08b2a4104484ddea919603692e4efd)
16 | - [Listener](#3e1518acb4f724d940248244d90c84d3) -> [(1)Tools](#5a709999cb246f31f15954a28e510804)
17 | - [Aggressor Script](#a9814deb7dba1a899218c27971bb0143) -> [(29)Tools](#57402818113a06fa8c16d023ce6fae05) [(8)Post](#bbf6ba0a11dd2a6e0f86469609796fe7)
18 | - [Recent Add](#bbe1c2fab620850440dbdc9cafad4280) -> [(39)Tools](#cfa38dd2bfe0bd0fa27d73e7bd2e12f6) [(117)Post](#6368df4dcd53ad109982557bf1062b9d)
19 |
20 |
21 | # External C2
22 |
23 |
24 | ***
25 |
26 |
27 | ## Tools
28 |
29 |
30 | - [**325**Star][2y] [C#] [spiderlabs/dohc2](https://github.com/spiderlabs/dohc2) DoHC2 allows the ExternalC2 library from Ryan Hanson (
31 | - [**222**Star][23d] [PS] [qax-a-team/cobaltstrike-toolset](https://github.com/QAX-A-Team/CobaltStrike-Toolset) Aggressor Script, Kits, Malleable C2 Profiles, External C2 and so on
32 | - [**188**Star][3y] [C#] [ryhanson/externalc2](https://github.com/ryhanson/externalc2) A library for integrating communication channels with the Cobalt Strike External C2 server
33 | - [**150**Star][26d] [Py] [und3rf10w/external_c2_framework](https://github.com/und3rf10w/external_c2_framework) Python api for usage with cobalt strike's External C2 specification
34 | - [**140**Star][1m] [C++] [xorrior/raven](https://github.com/xorrior/raven) CobaltStrike External C2 for Websockets
35 | - [**76**Star][30d] [C] [outflanknl/external_c2](https://github.com/outflanknl/external_c2) POC for Cobalt Strike external C2
36 | - [**58**Star][1y] [C#] [mdsecactivebreach/browser-externalc2](https://github.com/mdsecactivebreach/browser-externalc2) External C2 Using IE COM Objects
37 | - [**58**Star][2m] [Py] [truneski/external_c2_framework](https://github.com/truneski/external_c2_framework) Python api for usage with cobalt strike's External C2 specification
38 | - [**37**Star][3m] [Go] [lz1y/gecc](https://github.com/lz1y/gecc) Cobalt Strike - Go External C2 Client
39 |
40 |
41 | ***
42 |
43 |
44 | ## Post
45 |
46 |
47 | - 2019.12 [talosintelligence] [WAGO PFC200 iocheckd service "I/O-Check" external tool information exposure vulnerability](https://talosintelligence.com/vulnerability_reports/TALOS-2019-0862)
48 | - 2019.02 [mdsec] [External C2, IE COM Objects and how to use them for Command and Control](https://www.mdsec.co.uk/2019/02/external-c2-ie-com-objects-and-how-to-use-them-for-command-and-control/)
49 | - 2018.03 [xpnsec] [Exploring Cobalt Strike's ExternalC2 framework](https://blog.xpnsec.com/exploring-cobalt-strikes-externalc2-framework/)
50 | - 2013.10 [colinpoflynn] [PLIP DEC2013: Hardware Co-Sim with External Hardware (Serial Port)](https://www.youtube.com/watch?v=g8z5UtcuNyE)
51 |
52 |
53 | # Malleable C2
54 |
55 |
56 | ***
57 |
58 |
59 | ## Tools
60 |
61 |
62 | - [**462**Star][2y] [rsmudge/malleable-c2-profiles](https://github.com/rsmudge/malleable-c2-profiles) Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x.
63 | - [**217**Star][2y] [Py] [bluscreenofjeff/malleable-c2-randomizer](https://github.com/bluscreenofjeff/malleable-c2-randomizer) A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls
64 | - [**205**Star][23d] [threatexpress/malleable-c2](https://github.com/threatexpress/malleable-c2) Cobalt Strike Malleable C2 Design and Reference Guide
65 | - [**105**Star][9m] [xx0hcd/malleable-c2-profiles](https://github.com/xx0hcd/malleable-c2-profiles) Cobalt Strike - Malleable C2 Profiles. A collection of profiles used in different projects using Cobalt Strike
66 | - [**41**Star][3y] [bluscreenofjeff/malleablec2profiles](https://github.com/bluscreenofjeff/malleablec2profiles) Malleable C2 profiles for Cobalt Strike
67 | - [**None**Star][Py] [fortynorthsecurity/c2concealer](https://github.com/fortynorthsecurity/c2concealer) C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.
68 |
69 |
70 | ***
71 |
72 |
73 | ## Post
74 |
75 |
76 | - 2018.09 [specterops] [A Deep Dive into Cobalt Strike Malleable C2](https://medium.com/p/6660e33b0e0b)
77 | - 2018.09 [threatexpress] [A Deep Dive into Cobalt Strike Malleable C2](http://threatexpress.com/2018/09/a-deep-dive-into-cobalt-strike-malleable-c2/)
78 | - 2018.09 [threatexpress] [A Deep Dive into Cobalt Strike Malleable C2](http://threatexpress.com/blogs/2018/a-deep-dive-into-cobalt-strike-malleable-c2/)
79 | - 2018.06 [cobaltstrike] [Broken Promises and Malleable C2 Profiles](https://blog.cobaltstrike.com/2018/06/04/broken-promises-and-malleable-c2-profiles/)
80 | - 2018.01 [threatexpress] [Automating Apache mod_rewrite and Cobalt Strike Malleable C2 for Intelligent Redirection](http://threatexpress.com/2018/02/automating-cobalt-strike-profiles-apache-mod_rewrite-htaccess-files-intelligent-c2-redirection/)
81 | - 2017.08 [bluescreenofjeff] [Randomized Malleable C2 Profiles Made Easy](https://bluescreenofjeff.com/2017-08-30-randomized-malleable-c2-profiles-made-easy/)
82 | - 2017.01 [bluescreenofjeff] [How to Write Malleable C2 Profiles for Cobalt Strike](https://bluescreenofjeff.com/2017-01-24-how-to-write-malleable-c2-profiles-for-cobalt-strike/)
83 | - 2014.07 [harmj0y] [A Brave New World: Malleable C2](http://www.harmj0y.net/blog/redteaming/a-brave-new-world-malleable-c2/)
84 |
85 |
86 | # Beacon
87 |
88 |
89 | ***
90 |
91 |
92 | ## Tools
93 |
94 |
95 | - [**244**Star][6m] [PS] [rsmudge/elevatekit](https://github.com/rsmudge/elevatekit) The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.
96 | - [**193**Star][17d] [Go] [darkr4y/geacon](https://github.com/darkr4y/geacon) Practice Go programming and implement CobaltStrike's Beacon in Go
97 | - [**129**Star][2m] [JS] [dermike/slide-beacon-app](https://github.com/dermike/slide-beacon-app) Share links from your Mac using this app to broadcast them as a Physical Web Eddystone URL bluetooth beacon or mDNS.
98 | - [**115**Star][4m] [HTML] [romanemelyanov/cobaltstrikeforensic](https://github.com/romanemelyanov/cobaltstrikeforensic) Toolset for research malware and Cobalt Strike beacons
99 | - [**71**Star][6m] [Py] [daddycocoaman/beacongraph](https://github.com/daddycocoaman/beacongraph) Graph visualization of wireless client and access point relationships
100 | - [**59**Star][24d] [Go] [averagesecurityguy/c2](https://github.com/averagesecurityguy/c2) A simple, extensible C&C beaconing system.
101 | - [**57**Star][2m] [Shell] [cyb0r9/network-attacker](https://github.com/Cyb0r9/network-attacker) Programmed For Penetration Testing Beginners . This Program Based on Mdk3 . "WiFi Stress Testing Beacon Flooding & Deauthentication Attack "
102 | - [**56**Star][24d] [HTML] [aravinthpanch/rssi](https://github.com/aravinthpanch/rssi) Indoor localisation using RSSI. RSSI is received signal strength indicator in IEEE 802.11 beacon packet to announce the presence of WiFi.This tool was built to study & visualize the data collected in the experiments. This was done at Telecommunications Network Group (TKN), Berlin as part of EVARILOS.
103 | - [**50**Star][2m] [001spartan/csfm](https://github.com/001spartan/csfm) Cobalt Strike Field Manual - A quick reference for Windows commands that can be accessed in a beacon console.
104 | - [**45**Star][10m] [JS] [dermike/physical-web-scan-app](https://github.com/dermike/physical-web-scan-app) Mac OSX desktop client app to scan for Physical Web (Eddystone) bluetooth beacons
105 | - [**39**Star][4m] [C++] [lijuno/nrf24_ble](https://github.com/lijuno/nRF24_BLE) Hacking nRF24L01+ as a low-cost BLE beacon
106 | - [**30**Star][5m] [chriso0710/pikiosk](https://github.com/chriso0710/pikiosk) Automate Chromium in kiosk mode and Eddystone beacon on Raspberry Pi Raspbian Jessie with Ansible. Use a single command to update the kiosk and Eddystone URLs on all machines.
107 | - [**29**Star][24d] [TS] [iot-makers/sigfox-platform](https://github.com/iot-makers/sigfox-platform) Open Source platform to display and parse Sigfox messages in real time with Sigfox, GPS, WiFi & beacon geolocalisation
108 | - [**25**Star][9m] [C] [clockfort/wifi-locator](https://github.com/clockfort/wifi-locator) Determines physical location of station judging from 802.11 beacons' BSSID/Signal/Noise/Quality information.
109 | - [**20**Star][5m] [C++] [6e726d/native-wifi-api-beacon-sniffer](https://github.com/6e726d/native-wifi-api-beacon-sniffer) Tool that dumps beacon frames to a pcap file. Works on Windows Vista or Later with any Wireless Card.
110 | - [**14**Star][23d] [Py] [mlodic/ursnif_beacon_decryptor](https://github.com/mlodic/ursnif_beacon_decryptor) Ursnif beacon decryptor
111 | - [**12**Star][1m] [Go] [wahyuhadi/beacon-c2-go](https://github.com/wahyuhadi/beacon-c2-go) backdoor c2
112 | - [**11**Star][3m] [Dockerfile] [d3vzer0/cnc-relay](https://github.com/d3vzer0/cnc-relay) Docker projects to retain beacon source IPs using C2 relaying infra
113 | - [**10**Star][2y] [C] [wifimon/wifimon](https://github.com/wifimon/wifimon) Wi-fi 802.11 Beacon Frame sniffer
114 | - [**9**Star][3y] [C] [loukamb/beacon](https://github.com/loukamb/beacon) Lightweight, header-only C++ IPC library for Windows operating systems (Vista+) using advanced local procedure calls
115 | - [**9**Star][4m] [Py] [ajackal/cherrywasp](https://github.com/ajackal/cherrywasp) An 802.11 probe request and beacon sniffer.
116 | - [**2**Star][9m] [Shell] [b3n-j4m1n/flood-kick-sniff](https://github.com/b3n-j4m1n/flood-kick-sniff) Known Beacons attack tool
117 | - [**2**Star][5m] [Shell] [op7ic/rt-officebeaconbox](https://github.com/op7ic/rt-officebeaconbox) Simple Office-based beacon that calls back to your server for phishing exercises.
118 | - [**None**Star][C++] [rvn0xsy/linco2](https://github.com/rvn0xsy/linco2) Simulates the communication between Cobalt Strike's Beacon and C2, implementing a Linux C2 over HTTP
119 |
120 |
121 | ***
122 |
123 |
124 | ## Post
125 |
126 |
127 | - 2020.05 [pentestpartners] [Short beacon analysis on the NHS iOS Tracking application](https://www.pentestpartners.com/security-blog/short-beacon-analysis-on-the-nhs-ios-tracking-application/)
128 | - 2020.05 [findingbad] [Hunting for Beacons Part 2](http://findingbad.blogspot.com/2020/05/hunting-for-beacons-part-2.html)
129 | - 2020.05 [findingbad] [Hunting for Beacons](http://findingbad.blogspot.com/2020/05/hunting-for-beacons.html)
130 | - 2020.04 [activecountermeasures] [Threat Simulation – Beacons](https://www.activecountermeasures.com/threat-simulation-beacons/)
131 | - 2020.04 [tindie] [UHF Radio Beacon for Lost RC Models](https://blog.tindie.com/2020/04/uhf-radio-beacon-lost-rc-models/)
132 | - 2020.03 [blackhillsinfosec] [Detecting Malware Beacons With Zeek and RITA](https://www.blackhillsinfosec.com/detecting-malware-beacons-with-zeek-and-rita/)
133 | - 2020.01 [fox] [Hunting for beacons](https://blog.fox-it.com/2020/01/15/hunting-for-beacons/)
134 | - 2019.11 [s0lst1c3] [Modern Wireless Tradecraft Pt II — MANA and Known Beacon Attacks](https://posts.specterops.io/modern-wireless-attacks-pt-ii-mana-and-known-beacon-attacks-97a359d385f9)
135 | - 2019.10 [specterops] [Modern Wireless Tradecraft Pt II — MANA and Known Beacon Attacks](https://medium.com/p/97a359d385f9)
136 | - 2019.08 [TechMinds] [Hunting LF/MF/HF Beacons With An Airspy HF+ Discovery](https://www.youtube.com/watch?v=PduaBOMPlz4)
137 | - 2019.05 [activecountermeasures] [Detecting Beacons With Jitter](https://www.activecountermeasures.com/detecting-beacons-with-jitter/)
138 | - 2019.04 [activecountermeasures] [Simplifying Beacon Analysis through Big Data Analysis](https://www.activecountermeasures.com/simplifying-beacon-analysis-through-big-data-analysis/)
139 | - 2019.04 [NDSSSymposium] [NDSS 2019 MBeacon: Privacy-Preserving Beacons for DNA Methylation Data](https://www.youtube.com/watch?v=ZF78gBfppfM)
140 | - 2019.02 [sensorfu] [SensorFu Beacon How To: 3 steps to always know if your isolated Linux leaks](https://medium.com/p/e2206252782c)
141 | - 2019.02 [sensorfu] [Deploying SensorFu Beacon Windows Application with GPO](https://medium.com/p/530e315f25a)
142 | - 2019.02 [rapid7] [Smart Sensors: A Look at Beacon Security](https://blog.rapid7.com/2019/02/05/smart-sensors-a-look-at-beacon-security/)
143 | - 2019.02 [sensorfu] [Using SensorFu Beacon to supplement Threat Intel](https://medium.com/p/ff8dc1a3bfb8)
144 | - 2018.12 [nviso] [TLS beaconing detection using ee-outliers and Elasticsearch](https://blog.nviso.be/2018/12/11/tls-beaconing-detection-using-ee-outliers-and-elasticsearch/)
145 | - 2018.11 [DEFCONConference] [DEF CON 26 HARDWARE HACKING VILLAGE - John Aho - WiFi Beacons will give you up](https://www.youtube.com/watch?v=1XoxtcBGga0)
146 | - 2018.10 [NullByte] [Track & Connect to Smartphones with a Beacon Swarm [Tutorial]](https://www.youtube.com/watch?v=o95Or-Z_Ybk)
147 | - 2018.09 [blackhillsinfosec] [PODCAST: Beacon Analysis](https://www.blackhillsinfosec.com/beaconanalysis/)
148 | - 2018.09 [activecountermeasures] [Threat Hunting Beacon Analysis Webcast from September 11, 2018](https://www.activecountermeasures.com/threat-hunting-beacon-analysis-webcast-from-september-11-2018/)
149 | - 2018.08 [activecountermeasures] [Threat Hunting – Simplifying The Beacon Analysis Process](https://www.activecountermeasures.com/threat-hunting-simplifying-the-beacon-analysis-process/)
150 | - 2018.08 [activecountermeasures] [Beacon Analysis – The Key to Cyber Threat Hunting](https://www.activecountermeasures.com/blog-beacon-analysis-the-key-to-cyber-threat-hunting/)
151 | - 2018.08 [jpcert] [Volatility Plugin for Detecting Cobalt Strike Beacon](https://blog.jpcert.or.jp/2018/08/volatility-plugin-for-detecting-cobalt-strike-beacon.html)
152 | - 2018.08 [jpcert] [Volatility Plugin for Detecting Cobalt Strike Beacon](https://blogs.jpcert.or.jp/en/2018/08/volatility-plugin-for-detecting-cobalt-strike-beacon.html)
153 | - 2018.04 [activecountermeasures] [New Beacon Graph in the Works](https://www.activecountermeasures.com/new-beacon-graph-in-the-works/)
154 | - 2018.04 [rvrsh3ll] [Redirecting Cobalt Strike DNS Beacons](https://medium.com/p/e3dcdb5a8b9b)
155 | - 2018.02 [census] [The Known Beacons Attack (34th Chaos Communication Congress)](https://census-labs.com/news/2018/02/01/known-beacons-attack-34c3/)
156 | - 2017.06 [cobaltstrike] [OPSEC Considerations for Beacon Commands](https://blog.cobaltstrike.com/2017/06/23/opsec-considerations-for-beacon-commands/)
157 | - 2017.06 [social] [Web Beacons for Social Engineering Reconnaissance](https://www.social-engineer.org/general-blog/web-beacons-social-engineering-reconnaissance/)
158 | - 2017.06 [austintaylor] [Detect Beaconing with Flare, Elastic Stack, and Intrusion Detection Systems](http://www.austintaylor.io/detect/beaconing/intrusion/detection/system/command/control/flare/elastic/stack/2017/06/10/detect-beaconing-with-flare-elasticsearch-and-intrusion-detection-systems/)
159 | - 2017.06 [longtermsec] [Chrome just hardened the Navigator Beacon API against Cross-Site-Request-Forgery (CSRF)](https://medium.com/p/690239ccccf)
160 | - 2016.11 [jerrygamblin] [Spoofing Beacon Frames From The 5000 Most Common SSIDS](https://jerrygamblin.com/2016/11/27/spoofing-the-top-5000-ssids/)
161 | - 2016.10 [rvrsh3ll] [Redirecting Cobalt Strike DNS Beacons](http://www.rvrsh3ll.net/blog/offensive/redirecting-cobalt-strike-dns-beacons/)
162 | - 2016.09 [christophertruncer] [Receiving Text Messages for your Incoming Beacons](https://www.christophertruncer.com/receiving-text-messages-for-your-incoming-beacons/)
163 | - 2016.07 [] [Forging WiFi Beacon Frames Using Scapy](https://www.4armed.com/blog/forging-wifi-beacon-frames-using-scapy/)
164 | - 2016.05 [breakpoint] [Using Python to Decrypt Dispind.A and Helminth HTTP Beacons](https://breakpoint-labs.com/blog/using-python-to-decrypt-dispind-a-and-helminth-http-beacons/)
165 | - 2016.05 [arxiv] [[1605.04559] Bitcoin Beacon](https://arxiv.org/abs/1605.04559)
166 | - 2015.11 [alienvault] [Ultrasound Tracking Beacons Making Things Sort of Creepy For Consumers](https://www.alienvault.com/blogs/security-essentials/ultrasound-tracking-beacons-making-things-sort-of-creepy-for-consumers)
167 | - 2015.10 [z4ziggy] [Exploring Bluetooth & iBeacons – from software to radio signals and back.](https://z4ziggy.wordpress.com/2015/10/01/exploring-bluetooth-and-ibeacons-from-software-to-radio-signals-and-back/)
168 | - 2015.09 [christophertruncer] [Upgrading Your Shells to Beacons](https://www.christophertruncer.com/upgrade-your-shells-to-beacons/)
169 | - 2015.07 [securitykitten] [Finding Beacons With Bro](http://securitykitten.github.io/finding-beacons-with-bro/)
170 | - 2015.04 [arxiv] [[1504.07192] Location-aware sign-on and key exchange using attribute-based encryption and Bluetooth beacons](https://arxiv.org/abs/1504.07192)
171 | - 2015.01 [securityriskadvisors] [Beaconing Past McAfee ePO](http://securityriskadvisors.com/blog/post/beaconing-past-mcafee-epo/)
172 | - 2014.10 [sans] [CSAM: Be Wary of False Beacons](https://isc.sans.edu/forums/diary/CSAM+Be+Wary+of+False+Beacons/18813/)
173 | - 2014.05 [rsa] [Sality Botnet Beacons Change- How to Detect It](https://community.rsa.com/community/products/netwitness/blog/2014/05/09/sality-botnet-beacons-change-how-to-detect-it)
174 | - 2014.05 [metaflows] [Got Beacons?](https://www.metaflows.com/blog/got-beacons/)
175 | - 2014.02 [rsa] [Detecting the Zusy Botnet Beaconing](https://community.rsa.com/community/products/netwitness/blog/2014/02/20/detecting-the-zusy-botnet-beaconing)
176 | - 2012.12 [arxiv] [[1212.2404] A beaconing approach whith key exchange in vehicular ad hoc networks](https://arxiv.org/abs/1212.2404)
177 | - 2012.10 [toolswatch] [New feature “Beacon” added to Cobalt Strike](http://www.toolswatch.org/2012/10/new-feature-beacon-added-to-cobalt-strike/)
178 | - 2012.07 [talosintelligence] [Banking Trojan Spread Via UPS Phish Uses 0xDEADBEEF Beacon](https://blog.talosintelligence.com/2012/07/banking-trojan-spread-via-ups-phish.html)
179 |
180 |
181 | # Listener
182 |
183 |
184 | ***
185 |
186 |
187 | ## Tools
188 |
189 |
190 | - [**49**Star][20d] [Shell] [taherio/redi](https://github.com/taherio/redi) Automated script for setting up CobaltStrike redirectors (nginx reverse proxy, letsencrypt)
191 |
192 |
193 | # Aggressor Script
194 |
195 |
196 | ***
197 |
198 |
199 | ## Tools
200 |
201 |
202 | - [**758**Star][8m] [C#] [harleyqu1nn/aggressorscripts](https://github.com/harleyqu1nn/aggressorscripts) Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources
203 | - [**378**Star][2y] [bluscreenofjeff/aggressorscripts](https://github.com/bluscreenofjeff/aggressorscripts) Aggressor scripts for use with Cobalt Strike 3.0+
204 | - [**369**Star][18d] [Java] [rsmudge/cortana-scripts](https://github.com/rsmudge/cortana-scripts) A collection of Cortana scripts that you may use with Armitage and Cobalt Strike 2.x. Cortana Scripts are not compatible with Cobalt Strike 3.x. Cobalt Strike 3.x uses a variant of Cortana called Aggressor Script.
205 | - [**252**Star][3y] [PS] [und3rf10w/aggressor-scripts](https://github.com/und3rf10w/aggressor-scripts) Aggressor scripts I've made for Cobalt Strike
206 | - [**215**Star][2y] [C#] [spiderlabs/sharpcompile](https://github.com/spiderlabs/sharpcompile) SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing…
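207 | - [**175**Star][22d] [uknowsec/sharptoolsaggressor](https://github.com/uknowsec/sharptoolsaggressor) C# programs commonly used in internal network penetration testing, integrated into a CS script and loaded directly into memory. Continuously updated.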
208 | - [**174**Star][2y] [ramen0x3f/aggressorscripts](https://github.com/ramen0x3f/aggressorscripts) audit your machines or machines you're authorized to audit
209 | - [**144**Star][4m] [PS] [vysecurity/aggressor-vysec](https://github.com/vysecurity/Aggressor-VYSEC) CobaltStrike Aggressor Scripts
210 | - [**126**Star][2y] [zonksec/persistence-aggressor-script](https://github.com/zonksec/persistence-aggressor-script) initial commit
211 | - [**102**Star][2y] [PS] [rhinosecuritylabs/aggressor-scripts](https://github.com/rhinosecuritylabs/aggressor-scripts) Aggregation of Cobalt Strike's aggressor scripts.
212 | - [**101**Star][27d] [001spartan/aggressor_scripts](https://github.com/001spartan/aggressor_scripts) A collection of useful scripts for Cobalt Strike
213 | - [**97**Star][2y] [PS] [rasta-mouse/aggressor-script](https://github.com/rasta-mouse/aggressor-script) Collection of Aggressor Scripts for Cobalt Strike
214 | - [**93**Star][4m] [Py] [fortynorthsecurity/aggressorassessor](https://github.com/fortynorthsecurity/aggressorassessor) Aggressor scripts for phases of a pen test or red team assessment
215 | - [**87**Star][22d] [k8gege/aggressor](https://github.com/k8gege/Aggressor) Ladon for Cobalt Strike, Large Network Penetration Scanner, vulnerability / exploit / detection / MS17010 / password/brute-force
216 | - [**87**Star][22d] [k8gege/aggressor](https://github.com/k8gege/aggressor) Ladon for Cobalt Strike, Large Network Penetration Scanner, vulnerability / exploit / detection / MS17010 / password/brute-force
217 | - [**73**Star][27d] [vysecurity/cve-2018-4878](https://github.com/vysecurity/CVE-2018-4878) Aggressor Script to launch IE driveby for CVE-2018-4878
218 | - [**68**Star][2y] [tevora-threat/powerview3-aggressor](https://github.com/tevora-threat/powerview3-aggressor) Cobalt Strike Aggressor script menu for Powerview/SharpView
219 | - [**57**Star][2y] [PS] [invokethreatguy/csasc](https://github.com/invokethreatguy/csasc) Cobalt Strike Aggressor Script Collection
220 | - [**46**Star][4m] [Py] [coalfire-research/vampire](https://github.com/coalfire-research/vampire) Vampire is an aggressor script which integrates with BloodHound to mark nodes as owned.
221 | - [**46**Star][16d] [JS] [threatexpress/aggressor-scripts](https://github.com/threatexpress/aggressor-scripts) Cobalt Strike Aggressor Scripts
222 | - [**43**Star][27d] [tevora-threat/aggressor-powerview](https://github.com/tevora-threat/aggressor-powerview) PowerView menu for Cobalt Strike
223 | - [**39**Star][2y] [secgroundzero/cs-aggressor-scripts](https://github.com/secgroundzero/cs-aggressor-scripts) Aggressor Scripts for Cobalt Strike
224 | - [**30**Star][17d] [mgeeky/cobalt-arsenal](https://github.com/mgeeky/cobalt-arsenal) My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+
225 | - [**25**Star][6m] [scanfsec/cve-2018-15982](https://github.com/scanfsec/cve-2018-15982) Aggressor Script to launch IE driveby for CVE-2018-15982.
226 | - [**22**Star][3y] [PS] [oldb00t/aggressorscripts](https://github.com/oldb00t/aggressorscripts) Cobaltstrike Aggressor Scripts
227 | - [**22**Star][12m] [superdong0/aggressor_mail](https://github.com/superdong0/aggressor_mail) beacon,aggressor-scripts,cna,cobalt-strike,email
228 | - [**18**Star][3m] [mdsecactivebreach/execute-githubassembly-aggressor](https://github.com/mdsecactivebreach/execute-githubassembly-aggressor) Aggressor Script to Execute Assemblies from Github
229 | - [**1**Star][8m] [kingsabri/aggressorscripts](https://github.com/kingsabri/aggressorscripts) A collection of Cobalt Strike aggressor scripts
230 | - [**None**Star][C] [timwhitez/cobalt-strike-aggressor-scripts](https://github.com/timwhitez/cobalt-strike-aggressor-scripts) Cobalt Strike Aggressor plugin pack
231 |
232 |
233 | ***
234 |
235 |
236 | ## Post
237 |
238 |
239 | - 2019.06 [rastamouse] [The Return of Aggressor](https://rastamouse.me/2019/06/the-return-of-aggressor/)
240 | - 2018.07 [tevora] [A SharpView and More Aggressor](https://threat.tevora.com/a-sharpview-and-more-aggressor/)
241 | - 2018.03 [tevora] [Aggressor PowerView](http://threat.tevora.com/aggressor-powerview/)
242 | - 2018.03 [] [Aggressor 101: Unleashing Cobalt Strike for Fun and Profit](https://medium.com/p/879bf22cea31)
243 | - 2016.11 [bluescreenofjeff] [Beaconpire - Cobalt Strike and Empire Interoperability with Aggressor Script](https://bluescreenofjeff.com/2016-11-29-beaconpire-cobalt-strike-and-empire-interoperability-with-aggressor-script/)
244 | - 2016.09 [bluescreenofjeff] [Adding Easy GUIs to Aggressor Scripts](https://bluescreenofjeff.com/2016-09-07-adding-easy-guis-to-aggressor-scripts/)
245 | - 2016.05 [zonksec] [Persistence Aggressor Script](https://zonksec.com/blog/persistence-aggressor-script/)
246 |
247 |
248 | # Recent Add
249 |
250 |
251 | ***
252 |
253 |
254 | ## Tools
255 |
256 |
257 | - [**822**Star][4m] [aleenzz/cobalt_strike_wiki](https://github.com/aleenzz/cobalt_strike_wiki) Cobalt Strike series
258 | - [**409**Star][2y] [Shell] [killswitch-gui/cobaltstrike-toolkit](https://github.com/killswitch-gui/cobaltstrike-toolkit) Some useful scripts for CobaltStrike
259 | - [**398**Star][21d] [Py] [vysecurity/morphhta](https://github.com/vysecurity/morphHTA) morphHTA - Morphing Cobalt Strike's evil.HTA
260 | - [**225**Star][4m] [PS] [outflanknl/excel4-dcom](https://github.com/outflanknl/excel4-dcom) PowerShell and Cobalt Strike scripts for lateral movement using Excel 4.0 / XLM macros via DCOM (direct shellcode injection in Excel.exe)
261 | - [**224**Star][3m] [gloxec/crossc2](https://github.com/gloxec/crossc2) generate CobaltStrike's cross-platform payload
262 | - [**213**Star][18d] [PS] [vysecurity/angrypuppy](https://github.com/vysecurity/ANGRYPUPPY) Bloodhound Attack Path Automation in CobaltStrike
263 | - [**193**Star][4m] [PS] [phink-team/cobaltstrike-ms17-010](https://github.com/phink-team/cobaltstrike-ms17-010) cobaltstrike ms17-010 module and some other
264 | - [**190**Star][17d] [Py] [threatexpress/cs2modrewrite](https://github.com/threatexpress/cs2modrewrite) Convert Cobalt Strike profiles to modrewrite scripts
265 | - [**150**Star][22d] [C#] [josephkingstone/cobalt_strike_extension_kit](https://github.com/josephkingstone/cobalt_strike_extension_kit) Tired of typing execute-assembly everytime you use Cobalt Strike? Clone this.
266 | - [**117**Star][5m] [Py] [verctor/cs_xor64](https://github.com/verctor/cs_xor64) cobaltstrike xor64.bin completion project
267 | - [**115**Star][2y] [ridter/cs_chinese_support](https://github.com/ridter/cs_chinese_support) Cobalt Strike modification to support displaying Chinese output.
268 | - [**110**Star][18d] [fox-it/cobaltstrike-extraneous-space](https://github.com/fox-it/cobaltstrike-extraneous-space) Historical list of {Cobalt Strike,NanoHTTPD} servers
269 | - [**101**Star][3y] [Py] [mr-un1k0d3r/sct-obfuscator](https://github.com/mr-un1k0d3r/sct-obfuscator) Cobalt Strike SCT payload obfuscator
270 | - [**91**Star][4m] [0xthirteen/staykit](https://github.com/0xthirteen/staykit) Cobalt Strike kit for Persistence
271 | - [**89**Star][5m] [C#] [jnqpblc/sharpspray](https://github.com/jnqpblc/sharpspray) SharpSpray a simple code set to perform a password spraying attack against all users of a domain using LDAP and is compatible with Cobalt Strike.
272 | - [**89**Star][17d] [Py] [k8gege/scrun](https://github.com/k8gege/scrun) BypassAV ShellCode Loader (Cobaltstrike/Metasploit)
273 | - [**88**Star][1y] [Py] [dcsync/pycobalt](https://github.com/dcsync/pycobalt) Cobalt Strike API, Python version
274 | - [**87**Star][1m] [Py] [ryanohoro/csbruter](https://github.com/ryanohoro/csbruter) Cobalt Strike team server password brute force tool
275 | - [**82**Star][2y] [java] [anbai-inc/cobaltstrike_hanization](https://github.com/anbai-inc/cobaltstrike_hanization) CobaltStrike 2.5 Chinese localized version
276 | - [**73**Star][4m] [C#] [0xthirteen/movekit](https://github.com/0xthirteen/movekit) Cobalt Strike kit for Lateral Movement
277 | - [**56**Star][4m] [1135/1135-cobaltstrike-toolkit](https://github.com/1135/1135-cobaltstrike-toolkit) about CobaltStrike
278 | - [**51**Star][3y] [p292/ddeautocs](https://github.com/p292/ddeautocs) A cobaltstrike script that integrates DDEAuto Attacks
279 | - [**45**Star][4m] [C#] [jnqpblc/sharptask](https://github.com/jnqpblc/sharptask) SharpTask is a simple code set to interact with the Task Scheduler service api and is compatible with Cobalt Strike.
280 | - [**45**Star][28d] [vysecurity/cobaltsplunk](https://github.com/vysecurity/CobaltSplunk) Splunk Dashboard for CobaltStrike logs
281 | - [**41**Star][3y] [Go] [empty-nest/emptynest](https://github.com/empty-nest/emptynest) a plugin based C2 server framework
282 | - [**33**Star][3m] [tom4t0/cobalt-strike-persistence](https://github.com/tom4t0/cobalt-strike-persistence) Cobalt Strike auto-start script
283 | - [**30**Star][5m] [C#] [mr-un1k0d3r/remoteprocessinjection](https://github.com/mr-un1k0d3r/remoteprocessinjection) C# remote process injection utility for Cobalt Strike
284 | - [**29**Star][6m] [redteamwing/cobaltstrike_wiki](https://github.com/redteamwing/cobaltstrike_wiki) Cobalt Strike 3.12 Chinese documentation
285 | - [**27**Star][2m] [johnnydep/cobaltstrike](https://github.com/johnnydep/cobaltstrike) cobalt strike stuff I have gathered from around github
286 | - [**24**Star][21d] [HTML] [ridter/cs_custom_404](https://github.com/ridter/cs_custom_404) Cobalt strike custom 404 page
287 | - [**22**Star][5m] [Py] [k8gege/pyladon](https://github.com/k8gege/pyladon) Ladon For Python, Large Network Penetration Scanner & Cobalt Strike, vulnerability / exploit / detection / MS17010
288 | - [**19**Star][2m] [icebearfriend/quickrundown](https://github.com/icebearfriend/quickrundown) Smart overlay for Cobalt Strike PS function
289 | - [**17**Star][4m] [Py] [attactics/cslogwatch](https://github.com/attactics/cslogwatch) Cobalt Strike log state tracking, parsing, and storage
290 | - [**14**Star][2m] [TS] [hattmo/c2profilejs](https://github.com/hattmo/c2profilejs) Web UI for creating C2 profiles for Cobalt Strike
291 | - [**9**Star][2y] [Zeek] [sjosz/cnc-detection](https://github.com/sjosz/cnc-detection) Detecting PowerShell Empire, Metasploit Meterpreter and Cobalt Strike agents by payload size sequence analysis and host correlation
292 | - [**3**Star][3m] [Shell] [war-horse/docker-cobaltstrike](https://github.com/war-horse/docker-cobaltstrike) A Cobaltstrike container, built for Warhorse
293 | - [**None**Star][C++] [outflanknl/spray-ad](https://github.com/outflanknl/spray-ad) A Cobalt Strike tool to audit Active Directory user accounts for weak, well known or easy guessable passwords.
294 | - [**None**Star][hack2fun/bypassav](https://github.com/hack2fun/bypassav) Cobalt Strike plugin for quickly generating AV-evading executables
295 | - [**None**Star][PS] [k8gege/powerladon](https://github.com/k8gege/powerladon) Large Network Penetration Scanner & Cobalt Strike, Ladon for PowerShell, vulnerability / exploit / detection / MS17010
296 |
297 |
298 | ***
299 |
300 |
301 | ## Post
302 |
303 |
304 | - 2020.04 [securelist] [Loncom packer: from backdoors to Cobalt Strike](https://securelist.com/loncom-packer-from-backdoors-to-cobalt-strike/96465/)
305 | - 2020.03 [cobaltstrike] [Cobalt Strike joins Core Impact at HelpSystems, LLC](https://blog.cobaltstrike.com/2020/03/04/cobalt-strike-joins-core-impact-at-helpsystems-llc/)
306 | - 2020.01 [malware] [2020-01-21 - HANCITOR INFECTION WITH COBALT STRIKE](http://malware-traffic-analysis.net/2020/01/21/index2.html)
307 | - 2019.12 [malware] [2019-12-10 - DATA DUMP: HANCITOR INFECTION WITH URSNIF AND COBALT STRIKE](http://malware-traffic-analysis.net/2019/12/10/index.html)
308 | - 2019.12 [cobaltstrike] [Cobalt Strike 4.0 – Bring Your Own Weaponization](https://blog.cobaltstrike.com/2019/12/05/cobalt-strike-4-0-bring-your-own-weaponization/)
309 | - 2019.11 [ColinHardy] [Excel 4.0 Macros Analysis - Cobalt Strike Shellcode Injection](https://www.youtube.com/watch?v=XnN_UWfHlNM)
310 | - 2019.11 [ironcastle] [Hancitor infection with Pony, Evil Pony, Ursnif, and Cobalt Strike, (Wed, Nov 20th)](https://www.ironcastle.net/hancitor-infection-with-pony-evil-pony-ursnif-and-cobalt-strike-wed-nov-20th/)
311 | - 2019.08 [cobaltstrike] [Cobalt Strike’s Process Injection: The Details](https://blog.cobaltstrike.com/2019/08/21/cobalt-strikes-process-injection-the-details/)
312 | - 2019.08 [blackhillsinfosec] [Using CloudFront to Relay Cobalt Strike Traffic](https://www.blackhillsinfosec.com/using-cloudfront-to-relay-cobalt-strike-traffic/)
313 | - 2019.07 [malware] [2019-07-22 - HANCITOR-STYLE AMADEY MALSPAM PUSHES PONY & COBALT STRIKE](http://malware-traffic-analysis.net/2019/07/25/index.html)
314 | - 2019.07 [malware] [2019-07-22 - HANCITOR SWITCHES TO AMADEY, STILL PUSHING PONY/URSNIF/COBALT STRIKE](http://malware-traffic-analysis.net/2019/07/22/index.html)
315 | - 2019.07 [malware] [2019-07-03 - QUICK POST: HANCITOR INFECTION WITH COBALT STRIKE](http://malware-traffic-analysis.net/2019/07/03/index.html)
316 | - 2019.07 [malware] [2019-07-02 - QUICK POST: HANCITOR INFECTION WITH COBALT STRIKE](http://malware-traffic-analysis.net/2019/07/02/index2.html)
317 | - 2019.05 [rsa] [Detecting Command and Control in RSA NetWitness: Cobalt Strike](https://community.rsa.com/community/products/netwitness/blog/2019/05/28/detecting-command-and-control-in-rsa-netwitness-cobalt-strike)
318 | - 2019.05 [cobaltstrike] [Cobalt Strike 3.14 – Post-Ex Omakase Shimasu](https://blog.cobaltstrike.com/2019/05/02/cobalt-strike-3-14-post-ex-omakase-shimasu/)
319 | - 2019.04 [pentestpartners] [Cobalt Strike. Walkthrough for Red Teamers](https://www.pentestpartners.com/security-blog/cobalt-strike-walkthrough-for-red-teamers/)
320 | - 2019.02 [obscuritylabs] [Installing CobaltStrike on Ubuntu 18.04](https://obscuritylabs.com/blog/2019/02/23/installing-cobaltstrike-on-ubuntu-18-04/)
321 | - 2019.02 [obscuritylabs] [Installing CobaltStrike on Ubuntu 18.04](https://blog.obscuritylabs.com/install/)
322 | - 2019.01 [xpnsec] [How to Argue like Cobalt Strike](https://blog.xpnsec.com/how-to-argue-like-cobalt-strike/)
323 | - 2019.01 [cobaltstrike] [Cobalt Strike 3.13 – Why do we argue?](https://blog.cobaltstrike.com/2019/01/02/cobalt-strike-3-13-why-do-we-argue/)
324 | - 2018.11 [olafhartong] [Cobalt Strike Remote Threads detection](https://medium.com/p/206372d11d0f)
325 | - 2018.09 [crowdstrike] [Meet CrowdStrike’s Adversary of the Month for September: COBALT SPIDER](https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-september-cobalt-spider/)
326 | - 2018.09 [cobaltstrike] [Cobalt Strike 3.12 – Blink and you’ll miss it](https://blog.cobaltstrike.com/2018/09/06/cobalt-strike-3-12-blink-and-youll-miss-it/)
327 | - 2018.07 [f] [Bypassing Memory Scanners with Cobalt Strike and Gargoyle](https://labs.f-secure.com/blog/experimenting-bypassing-memory-scanners-with-cobalt-strike-and-gargoyle/)
328 | - 2018.07 [mwrinfosecurity] [Bypassing Memory Scanners with Cobalt Strike and Gargoyle](https://labs.mwrinfosecurity.com/blog/experimenting-bypassing-memory-scanners-with-cobalt-strike-and-gargoyle/)
329 | - 2018.04 [cobaltstrike] [Cobalt Strike 3.11 – The snake that eats its tail](https://blog.cobaltstrike.com/2018/04/09/cobalt-strike-3-11-the-snake-that-eats-its-tail/)
330 | - 2018.03 [] [Cobalt Strike Visualizations](https://medium.com/p/e6a6e841e16b)
331 | - 2018.03 [offensiveops] [Cobalt Strike – Bypassing Windows Defender with Obfuscation](http://www.offensiveops.io/tools/cobalt-strike-bypassing-windows-defender-with-obfuscation/)
332 | - 2018.01 [bluescreenofjeff] [Cobalt Strike OPSEC Profiles](https://bluescreenofjeff.com/2018-01-23-cobalt-strike-opsec-profiles/)
333 | - 2017.12 [cobaltstrike] [Cobalt Strike 3.10 – Хакер vs. 肉雞](https://blog.cobaltstrike.com/2017/12/11/cobalt-strike-3-10-%d1%85%d0%b0%d0%ba%d0%b5%d1%80-vs-%e8%82%89%e9%9b%9e/)
334 | - 2017.12 [threatexpress] [Slack Notifications for Cobalt Strike](http://threatexpress.com/blogs/2016/slack-notifications-for-cobalt-strike/)
335 | - 2017.12 [blackhillsinfosec] [A Morning with Cobalt Strike & Symantec](https://www.blackhillsinfosec.com/morning-cobalt-strike-symantec/)
336 | - 2017.11 [riskiq] [Gaffe Reveals Full List of Targets in Spear Phishing Attack Using Cobalt Strike Against Financial Institutions](https://www.riskiq.com/blog/labs/cobalt-strike/)
337 | - 2017.11 [fortinet] [Cobalt Malware Strikes Using CVE-2017-11882 RTF Vulnerability](https://blog.fortinet.com/2017/11/27/cobalt-malware-strikes-using-cve-2017-11882-rtf-vulnerability)
338 | - 2017.11 [fortinet] [Cobalt Malware Strikes Using CVE-2017-11882 RTF Vulnerability](https://www.fortinet.com/blog/threat-research/cobalt-malware-strikes-using-cve-2017-11882-rtf-vulnerability.html)
339 | - 2017.11 [trendmicro] [Cobalt Strikes Again: Spam Runs Use Macros and CVE-2017-8759 Exploit Against Russian Banks](https://blog.trendmicro.com/trendlabs-security-intelligence/cobalt-spam-runs-use-macros-cve-2017-8759-exploit/)
340 | - 2017.09 [rsa] [Malspam delivers Cobalt Strike payload 9-19-2017](https://community.rsa.com/community/products/netwitness/blog/2017/09/25/malspam-delivers-cobalt-strike-payload-9-19-2017)
341 | - 2017.09 [mwrinfosecurity] [“Tasking” Office 365 for Cobalt Strike C2](https://labs.mwrinfosecurity.com/blog/tasking-office-365-for-cobalt-strike-c2/)
342 | - 2017.09 [cobaltstrike] [Cobalt Strike 3.9 – Livin’ in a Stager’s Paradise](https://blog.cobaltstrike.com/2017/09/20/cobalt-strike-3-9-livin-in-a-stagers-paradise/)
343 | - 2017.06 [vkremez] [Let's Learn (DIY): Sophisticated Cobalt Strike Gang's CVE-2017-0199 Loader](https://www.vkremez.com/2017/06/lets-learn-diy-sophisticated-cobalt.html)
344 | - 2017.05 [cobaltstrike] [Cobalt Strike 3.8 – Who’s Your Daddy?](https://blog.cobaltstrike.com/2017/05/23/cobalt-strike-3-8-whos-your-daddy/)
345 | - 2017.04 [secforce] [CVE-2017-0199 exploitation with Cobalt Strike tutorial](https://www.secforce.com/blog/2017/04/cve-2017-0199-exploitation-with-cobalt-strike-tutorial/)
346 | - 2017.04 [trustedsec] [Equation Group Dump Analysis and Full RCE on Win7 on MS17-010 with Cobalt Strike](https://www.trustedsec.com/2017/04/equation-group-dump-analysis-full-rce-win7-fully-patched-cobalt-strike/)
347 | - 2017.03 [cobaltstrike] [Cobalt Strike 3.7 – Cat, Meet Mouse](https://blog.cobaltstrike.com/2017/03/15/cobalt-strike-3-7-cat-meet-mouse/)
348 | - 2017.02 [zairon] [From RTF to Cobalt Strike passing via Flash](https://zairon.wordpress.com/2017/02/05/from-rtf-to-cobalt-strike-passing-via-flash/)
349 | - 2017.01 [inspired] [WMI Persistence with Cobalt Strike](https://blog.inspired-sec.com/archive/2017/01/20/WMI-Persistence.html)
350 | - 2016.12 [cobaltstrike] [Cobalt Strike 3.6 – A Path for Privilege Escalation](https://blog.cobaltstrike.com/2016/12/08/cobalt-strike-3-6-a-path-for-privilege-escalation/)
351 | - 2016.12 [threatexpress] [Slack Notifications for Cobalt Strike](http://threatexpress.com/2016/12/slack-notifications-for-cobalt-strike/)
352 | - 2016.10 [cobaltstrike] [Cobalt Strike Tapas II](https://blog.cobaltstrike.com/2016/10/19/cobalt-strike-tapas-ii/)
353 | - 2016.10 [cobaltstrike] [Cobalt Strike 3.5.1 – Important Security Update](https://blog.cobaltstrike.com/2016/10/03/cobalt-strike-3-5-1-important-security-update/)
354 | - 2016.09 [cobaltstrike] [Cobalt Strike RCE. Active Exploitation Reported.](https://blog.cobaltstrike.com/2016/09/28/cobalt-strike-rce-active-exploitation-reported/)
355 | - 2016.09 [cobaltstrike] [Cobalt Strike 3.5 – UNIX Post Exploitation](https://blog.cobaltstrike.com/2016/09/22/cobalt-strike-3-5-unix-post-exploitation/)
356 | - 2016.09 [cobaltstrike] [Cobalt Strike Tapas](https://blog.cobaltstrike.com/2016/09/16/cobalt-strike-tapas/)
357 | - 2016.07 [cobaltstrike] [Cobalt Strike 3.4 – Operational Details](https://blog.cobaltstrike.com/2016/07/29/cobalt-strike-3-4-operational-details/)
358 | - 2016.07 [cobaltstrike] [HOWTO: Reset Your Cobalt Strike License Key](https://blog.cobaltstrike.com/2016/07/15/howto-reset-your-cobalt-strike-license-key/)
359 | - 2016.06 [bluescreenofjeff] [Cobalt Strike HTTP C2 Redirectors with Apache mod_rewrite](https://bluescreenofjeff.com/2016-06-28-cobalt-strike-http-c2-redirectors-with-apache-mod_rewrite/)
360 | - 2014.01 [security] [Four Days with Cortana Script Engine - Cobalt Strike/Armitage](http://security-is-just-an-illusion.blogspot.com/2014/01/four-days-with-cortana-script-engine.html)
361 | - 2013.12 [security] [Three Days with Cortana Script Engine - Cobalt Strike/Armitage](http://security-is-just-an-illusion.blogspot.com/2013/11/two-days-with-cortana-script-engine.html)
362 | - 2013.12 [security] [Cobalt Strike Report Hosts *Mod*](http://security-is-just-an-illusion.blogspot.com/2013/12/cobalt-strike-report-hosts-mod.html)
363 | - 2013.12 [security] [Two Days with Cortana Script Engine - Cobalt Strike/Armitage](http://security-is-just-an-illusion.blogspot.com/2013/12/two-days-with-cortana-script-engine.html)
364 | - 2013.12 [security] [One Day with Cortana Script Engine - Cobalt Strike/Armitage](http://security-is-just-an-illusion.blogspot.com/2013/11/one-day-with-cortana-script-engine.html)
365 | - 2012.08 [toolswatch] [Blackhat USA 2012: Interview with Raphael Mudge about Armitage (Also Introducing CobaltStrike)](http://www.toolswatch.org/2012/08/blackhat-usa-2012-interview-with-raphael-mudge-about-armitage-also-introducing-cobaltstrike/)
366 |
367 |
368 | # Contribute
369 | Contents are auto-exported by our system; please raise an issue if you have any questions.
370 |
--------------------------------------------------------------------------------
/history/CobaltStrike_20200531095202.md:
--------------------------------------------------------------------------------
1 | # [All Collection Projects](https://github.com/alphaSeclab/all-my-collection-repos)
2 |
3 |
4 |
5 |
6 | # CobaltStrike
7 |
8 |
9 | - Resources related to Cobalt Strike, including 100+ tools and 200+ articles
10 | - [English Version](https://github.com/alphaSeclab/cobalt-strike/blob/master/Readme_en.md)
11 |
12 |
13 | # Contents
14 | - [External C2](#354ab7654ce3b7c2bdaadd4b8cec655a) -> [(9)Tools](#f68ecdb8fb6ad2a853974daa90aed75d) [(10)Post](#3f8322b76fd5bf27bcced5676ecb23cb)
15 | - [Malleable C2](#3c7575eb27204dbf1ed80f96706c2967) -> [(6)Tools](#61838d4bce2285c7772b309c7bf77300) [(10)Post](#803659291490cf303d14af45bfededa8)
16 | - [Beacon](#403f0531bfef73b0950ebb204f8c943c) -> [(24)Tools](#d3f40c082e959ea8eb4972d192491986) [(63)Post](#9d08b2a4104484ddea919603692e4efd)
17 | - [Listener](#3e1518acb4f724d940248244d90c84d3) -> [(1)Tools](#5a709999cb246f31f15954a28e510804)
18 | - [Aggressor Script](#a9814deb7dba1a899218c27971bb0143) -> [(29)Tools](#57402818113a06fa8c16d023ce6fae05) [(8)Post](#bbf6ba0a11dd2a6e0f86469609796fe7)
19 | - [Recent Add](#bbe1c2fab620850440dbdc9cafad4280) -> [(39)Tools](#cfa38dd2bfe0bd0fa27d73e7bd2e12f6) [(117)Post](#6368df4dcd53ad109982557bf1062b9d)
20 |
21 |
22 | # External C2
23 |
24 |
25 | ***
26 |
27 |
28 | ## Tools
29 |
30 |
31 | - [**325**Star][2y] [C#] [spiderlabs/dohc2](https://github.com/spiderlabs/dohc2) DoHC2 allows the ExternalC2 library from Ryan Hanson (
32 | - [**222**Star][23d] [PS] [qax-a-team/cobaltstrike-toolset](https://github.com/QAX-A-Team/CobaltStrike-Toolset) Aggressor Script, Kits, Malleable C2 Profiles, External C2 and so on
33 | - [**188**Star][3y] [C#] [ryhanson/externalc2](https://github.com/ryhanson/externalc2) A library for integrating communication channels with the Cobalt Strike External C2 server
34 | - [**150**Star][26d] [Py] [und3rf10w/external_c2_framework](https://github.com/und3rf10w/external_c2_framework) Python api for usage with cobalt strike's External C2 specification
35 | - [**140**Star][1m] [C++] [xorrior/raven](https://github.com/xorrior/raven) CobaltStrike External C2 for Websockets
36 | - [**76**Star][30d] [C] [outflanknl/external_c2](https://github.com/outflanknl/external_c2) POC for Cobalt Strike external C2
37 | - [**58**Star][1y] [C#] [mdsecactivebreach/browser-externalc2](https://github.com/mdsecactivebreach/browser-externalc2) External C2 Using IE COM Objects
38 | - [**58**Star][2m] [Py] [truneski/external_c2_framework](https://github.com/truneski/external_c2_framework) Python api for usage with cobalt strike's External C2 specification
39 | - [**37**Star][3m] [Go] [lz1y/gecc](https://github.com/lz1y/gecc) Cobalt Strike - Go External C2 Client
40 |
41 |
42 | ***
43 |
44 |
45 | ## Post
46 |
47 |
48 | - 2019.12 [talosintelligence] [WAGO PFC200 iocheckd service "I/O-Check" external tool information exposure vulnerability](https://talosintelligence.com/vulnerability_reports/TALOS-2019-0862)
49 | - 2019.10 [aliyun] [Cobalt Strike's ExternalC2](https://xz.aliyun.com/t/6565)
50 | - 2019.03 [4hou] [How malware uses External C2 and IE COM objects for command and control](https://www.4hou.com/technology/16215.html)
51 | - 2019.03 [aliyun] [Exploring CobaltStrike's External C2 framework](https://xz.aliyun.com/t/4220)
52 | - 2019.02 [mdsec] [External C2, IE COM Objects and how to use them for Command and Control](https://www.mdsec.co.uk/2019/02/external-c2-ie-com-objects-and-how-to-use-them-for-command-and-control/)
53 | - 2018.04 [360] [Exploring Cobalt Strike's ExternalC2 framework together](https://www.anquanke.com/post/id/103395/)
54 | - 2018.04 [aliyun] [An in-depth exploration of Cobalt Strike's ExternalC2 framework](https://xz.aliyun.com/t/2239)
55 | - 2018.03 [xpnsec] [Exploring the ExternalC2 framework/communication specification for Cobalt Strike C&C communication](https://blog.xpnsec.com/exploring-cobalt-strikes-externalc2-framework/)
56 | - 2017.10 [360] [Exploring Cobalt Strike's special feature (external_C2)](https://www.anquanke.com/post/id/86980/)
57 | - 2013.10 [colinpoflynn] [PLIP DEC2013: Hardware Co-Sim with External Hardware (Serial Port)](https://www.youtube.com/watch?v=g8z5UtcuNyE)
58 |
59 |
60 | # Malleable C2
61 |
62 |
63 | ***
64 |
65 |
66 | ## Tools
67 |
68 |
69 | - [**462** stars][2y] [rsmudge/malleable-c2-profiles](https://github.com/rsmudge/malleable-c2-profiles) Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x.
70 | - [**217** stars][2y] [Py] [bluscreenofjeff/malleable-c2-randomizer](https://github.com/bluscreenofjeff/malleable-c2-randomizer) A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls
71 | - [**205** stars][23d] [threatexpress/malleable-c2](https://github.com/threatexpress/malleable-c2) Cobalt Strike Malleable C2 Design and Reference Guide
72 | - [**105** stars][9m] [xx0hcd/malleable-c2-profiles](https://github.com/xx0hcd/malleable-c2-profiles) Cobalt Strike - Malleable C2 Profiles. A collection of profiles used in different projects using Cobalt Strike
73 | - [**41** stars][3y] [bluscreenofjeff/malleablec2profiles](https://github.com/bluscreenofjeff/malleablec2profiles) Malleable C2 profiles for Cobalt Strike
74 | - [**None** stars][Py] [fortynorthsecurity/c2concealer](https://github.com/fortynorthsecurity/c2concealer) C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.
75 |
76 |
77 | ***
78 |
79 |
80 | ## Articles
81 |
82 |
83 | - 2018.12 [freebuf] [A brief analysis of Cobalt Strike's Malleable-C2-Profiles](https://www.freebuf.com/articles/rookie/189948.html)
84 | - 2018.09 [aliyun] [(Translation) A deep dive into cobalt strike malleable C2 profiles](https://xz.aliyun.com/t/2796)
85 | - 2018.09 [specterops] [A Deep Dive into Cobalt Strike Malleable C2](https://medium.com/p/6660e33b0e0b)
86 | - 2018.09 [threatexpress] [A Deep Dive into Cobalt Strike Malleable C2](http://threatexpress.com/2018/09/a-deep-dive-into-cobalt-strike-malleable-c2/)
87 | - 2018.09 [threatexpress] [A Deep Dive into Cobalt Strike Malleable C2](http://threatexpress.com/blogs/2018/a-deep-dive-into-cobalt-strike-malleable-c2/)
88 | - 2018.06 [cobaltstrike] [Broken Promises and Malleable C2 Profiles](https://blog.cobaltstrike.com/2018/06/04/broken-promises-and-malleable-c2-profiles/)
89 | - 2018.01 [threatexpress] [Automating Apache mod_rewrite and Cobalt Strike Malleable C2 for Intelligent Redirection](http://threatexpress.com/2018/02/automating-cobalt-strike-profiles-apache-mod_rewrite-htaccess-files-intelligent-c2-redirection/)
90 | - 2017.08 [bluescreenofjeff] [Randomized Malleable C2 Profiles Made Easy](https://bluescreenofjeff.com/2017-08-30-randomized-malleable-c2-profiles-made-easy/)
91 | - 2017.01 [bluescreenofjeff] [How to Write Malleable C2 Profiles for Cobalt Strike](https://bluescreenofjeff.com/2017-01-24-how-to-write-malleable-c2-profiles-for-cobalt-strike/)
92 | - 2014.07 [harmj0y] [A Brave New World: Malleable C2](http://www.harmj0y.net/blog/redteaming/a-brave-new-world-malleable-c2/)
93 |
94 |
95 | # Beacon
96 |
97 |
98 | ***
99 |
100 |
101 | ## Tools
102 |
103 |
104 | - [**244** stars][6m] [PS] [rsmudge/elevatekit](https://github.com/rsmudge/elevatekit) The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.
105 | - [**193** stars][17d] [Go] [darkr4y/geacon](https://github.com/darkr4y/geacon) Practice Go programming and implement CobaltStrike's Beacon in Go
106 | - [**129** stars][2m] [JS] [dermike/slide-beacon-app](https://github.com/dermike/slide-beacon-app) Share links from your Mac using this app to broadcast them as a Physical Web Eddystone URL bluetooth beacon or mDNS.
107 | - [**115** stars][4m] [HTML] [romanemelyanov/cobaltstrikeforensic](https://github.com/romanemelyanov/cobaltstrikeforensic) Toolset for research malware and Cobalt Strike beacons
108 | - [**71** stars][6m] [Py] [daddycocoaman/beacongraph](https://github.com/daddycocoaman/beacongraph) Graph visualization of wireless client and access point relationships
109 | - [**59** stars][24d] [Go] [averagesecurityguy/c2](https://github.com/averagesecurityguy/c2) A simple, extensible C&C beaconing system.
110 | - [**57** stars][2m] [Shell] [cyb0r9/network-attacker](https://github.com/Cyb0r9/network-attacker) Programmed For Penetration Testing Beginners . This Program Based on Mdk3 . "WiFi Stress Testing Beacon Flooding & Deauthentication Attack "
111 | - [**56** stars][24d] [HTML] [aravinthpanch/rssi](https://github.com/aravinthpanch/rssi) Indoor localisation using RSSI. RSSI is received signal strength indicator in IEEE 802.11 beacon packet to announce the presence of WiFi.This tool was built to study & visualize the data collected in the experiments. This was done at Telecommunications Network Group (TKN), Berlin as part of EVARILOS.
112 | - [**50** stars][2m] [001spartan/csfm](https://github.com/001spartan/csfm) Cobalt Strike Field Manual - A quick reference for Windows commands that can be accessed in a beacon console.
113 | - [**45** stars][10m] [JS] [dermike/physical-web-scan-app](https://github.com/dermike/physical-web-scan-app) Mac OSX desktop client app to scan for Physical Web (Eddystone) bluetooth beacons
114 | - [**39** stars][4m] [C++] [lijuno/nrf24_ble](https://github.com/lijuno/nRF24_BLE) Hacking nRF24L01+ as a low-cost BLE beacon
115 | - [**30** stars][5m] [chriso0710/pikiosk](https://github.com/chriso0710/pikiosk) Automate Chromium in kiosk mode and Eddystone beacon on Raspberry Pi Raspbian Jessie with Ansible. Use a single command to update the kiosk and Eddystone URLs on all machines.
116 | - [**29** stars][24d] [TS] [iot-makers/sigfox-platform](https://github.com/iot-makers/sigfox-platform) Open Source platform to display and parse Sigfox messages in real time with Sigfox, GPS, WiFi & beacon geolocalisation
117 | - [**25** stars][9m] [C] [clockfort/wifi-locator](https://github.com/clockfort/wifi-locator) Determines physical location of station judging from 802.11 beacons' BSSID/Signal/Noise/Quality information.
118 | - [**20** stars][5m] [C++] [6e726d/native-wifi-api-beacon-sniffer](https://github.com/6e726d/native-wifi-api-beacon-sniffer) Tool that dumps beacon frames to a pcap file. Works on Windows Vista or Later with any Wireless Card.
119 | - [**14** stars][23d] [Py] [mlodic/ursnif_beacon_decryptor](https://github.com/mlodic/ursnif_beacon_decryptor) Ursnif beacon decryptor
120 | - [**12** stars][1m] [Go] [wahyuhadi/beacon-c2-go](https://github.com/wahyuhadi/beacon-c2-go) backdoor c2
121 | - [**11** stars][3m] [Dockerfile] [d3vzer0/cnc-relay](https://github.com/d3vzer0/cnc-relay) Docker projects to retain beacon source IPs using C2 relaying infra
122 | - [**10** stars][2y] [C] [wifimon/wifimon](https://github.com/wifimon/wifimon) Wi-fi 802.11 Beacon Frame sniffer
123 | - [**9** stars][3y] [C] [loukamb/beacon](https://github.com/loukamb/beacon) Lightweight, header-only C++ IPC library for Windows operating systems (Vista+) using advanced local procedure calls
124 | - [**9** stars][4m] [Py] [ajackal/cherrywasp](https://github.com/ajackal/cherrywasp) An 802.11 probe request and beacon sniffer.
125 | - [**2** stars][9m] [Shell] [b3n-j4m1n/flood-kick-sniff](https://github.com/b3n-j4m1n/flood-kick-sniff) Known Beacons attack tool
126 | - [**2** stars][5m] [Shell] [op7ic/rt-officebeaconbox](https://github.com/op7ic/rt-officebeaconbox) Simple Office-based beacon that calls back to your server for phishing exercises.
127 | - [**None** stars][C++] [rvn0xsy/linco2](https://github.com/rvn0xsy/linco2) Simulates the communication between Cobalt Strike's Beacon and the C2, implementing an HTTP-based Linux C2
128 |
129 |
130 | ***
131 |
132 |
133 | ## Articles
134 |
135 |
136 | - 2020.05 [pentestpartners] [Short beacon analysis on the NHS iOS Tracking application](https://www.pentestpartners.com/security-blog/short-beacon-analysis-on-the-nhs-ios-tracking-application/)
137 | - 2020.05 [findingbad] [Hunting for Beacons Part 2](http://findingbad.blogspot.com/2020/05/hunting-for-beacons-part-2.html)
138 | - 2020.05 [findingbad] [Hunting for Beacons](http://findingbad.blogspot.com/2020/05/hunting-for-beacons.html)
139 | - 2020.04 [activecountermeasures] [Threat Simulation – Beacons](https://www.activecountermeasures.com/threat-simulation-beacons/)
140 | - 2020.04 [tindie] [UHF Radio Beacon for Lost RC Models](https://blog.tindie.com/2020/04/uhf-radio-beacon-lost-rc-models/)
141 | - 2020.04 [aliyun] [How much do you know about the cobaltstrike dns beacon](https://xz.aliyun.com/t/7488)
142 | - 2020.03 [blackhillsinfosec] [Detecting Malware Beacons With Zeek and RITA](https://www.blackhillsinfosec.com/detecting-malware-beacons-with-zeek-and-rita/)
143 | - 2020.01 [fox] [Hunting for beacons](https://blog.fox-it.com/2020/01/15/hunting-for-beacons/)
144 | - 2019.11 [s0lst1c3] [Modern Wireless Tradecraft Pt II — MANA and Known Beacon Attacks](https://posts.specterops.io/modern-wireless-attacks-pt-ii-mana-and-known-beacon-attacks-97a359d385f9)
145 | - 2019.10 [specterops] [Modern Wireless Tradecraft Pt II — MANA and Known Beacon Attacks](https://medium.com/p/97a359d385f9)
146 | - 2019.08 [TechMinds] [Hunting LF/MF/HF Beacons With An Airspy HF+ Discovery](https://www.youtube.com/watch?v=PduaBOMPlz4)
147 | - 2019.05 [activecountermeasures] [Detecting Beacons With Jitter](https://www.activecountermeasures.com/detecting-beacons-with-jitter/)
148 | - 2019.05 [freebuf] [Detecting TLS beaconing with ee-outliers and Elasticsearch](https://www.freebuf.com/sectool/202735.html)
149 | - 2019.04 [activecountermeasures] [Simplifying Beacon Analysis through Big Data Analysis](https://www.activecountermeasures.com/simplifying-beacon-analysis-through-big-data-analysis/)
150 | - 2019.04 [NDSSSymposium] [NDSS 2019 MBeacon: Privacy-Preserving Beacons for DNA Methylation Data](https://www.youtube.com/watch?v=ZF78gBfppfM)
151 | - 2019.02 [sensorfu] [SensorFu Beacon How To: 3 steps to always know if your isolated Linux leaks](https://medium.com/p/e2206252782c)
152 | - 2019.02 [sensorfu] [Deploying SensorFu Beacon Windows Application with GPO](https://medium.com/p/530e315f25a)
153 | - 2019.02 [rapid7] [Smart Sensors: A Look at Beacon Security](https://blog.rapid7.com/2019/02/05/smart-sensors-a-look-at-beacon-security/)
154 | - 2019.02 [sensorfu] [Using SensorFu Beacon to supplement Threat Intel](https://medium.com/p/ff8dc1a3bfb8)
155 | - 2018.12 [nviso] [TLS beaconing detection using ee-outliers and Elasticsearch](https://blog.nviso.be/2018/12/11/tls-beaconing-detection-using-ee-outliers-and-elasticsearch/)
156 | - 2018.11 [DEFCONConference] [DEF CON 26 HARDWARE HACKING VILLAGE - John Aho - WiFi Beacons will give you up](https://www.youtube.com/watch?v=1XoxtcBGga0)
157 | - 2018.10 [NullByte] [Track & Connect to Smartphones with a Beacon Swarm [Tutorial]](https://www.youtube.com/watch?v=o95Or-Z_Ybk)
158 | - 2018.09 [blackhillsinfosec] [PODCAST: Beacon Analysis](https://www.blackhillsinfosec.com/beaconanalysis/)
159 | - 2018.09 [activecountermeasures] [Threat Hunting Beacon Analysis Webcast from September 11, 2018](https://www.activecountermeasures.com/threat-hunting-beacon-analysis-webcast-from-september-11-2018/)
160 | - 2018.08 [activecountermeasures] [Threat Hunting – Simplifying The Beacon Analysis Process](https://www.activecountermeasures.com/threat-hunting-simplifying-the-beacon-analysis-process/)
161 | - 2018.08 [activecountermeasures] [Beacon Analysis – The Key to Cyber Threat Hunting](https://www.activecountermeasures.com/blog-beacon-analysis-the-key-to-cyber-threat-hunting/)
162 | - 2018.08 [jpcert] [Volatility Plugin for Detecting Cobalt Strike Beacon](https://blog.jpcert.or.jp/2018/08/volatility-plugin-for-detecting-cobalt-strike-beacon.html)
163 | - 2018.08 [jpcert] [Volatility Plugin for Detecting Cobalt Strike Beacon](https://blogs.jpcert.or.jp/en/2018/08/volatility-plugin-for-detecting-cobalt-strike-beacon.html)
164 | - 2018.04 [activecountermeasures] [New Beacon Graph in the Works](https://www.activecountermeasures.com/new-beacon-graph-in-the-works/)
165 | - 2018.04 [3gstudent] [Reproducing CIA Hive Beacon Infrastructure, part 2: HTTPS traffic distribution using Apache mod_rewrite](https://3gstudent.github.io/3gstudent.github.io/CIA-Hive-Beacon-Infrastructure%E5%A4%8D%E7%8E%B02-%E4%BD%BF%E7%94%A8Apache-mod_rewrite%E5%AE%9E%E7%8E%B0https%E6%B5%81%E9%87%8F%E5%88%86%E5%8F%91/)
167 | - 2018.04 [3gstudent] [Reproducing CIA Hive Beacon Infrastructure, part 1: HTTP traffic distribution using Apache mod_rewrite](https://3gstudent.github.io/3gstudent.github.io/CIA-Hive-Beacon-Infrastructure%E5%A4%8D%E7%8E%B01-%E4%BD%BF%E7%94%A8Apache-mod_rewrite%E5%AE%9E%E7%8E%B0http%E6%B5%81%E9%87%8F%E5%88%86%E5%8F%91/)
169 | - 2018.04 [rvrsh3ll] [Redirecting Cobalt Strike DNS Beacons](https://medium.com/p/e3dcdb5a8b9b)
170 | - 2018.02 [census] [The Known Beacons Attack (34th Chaos Communication Congress)](https://census-labs.com/news/2018/02/01/known-beacons-attack-34c3/)
171 | - 2017.06 [cobaltstrike] [OPSEC Considerations for Beacon Commands](https://blog.cobaltstrike.com/2017/06/23/opsec-considerations-for-beacon-commands/)
172 | - 2017.06 [360] [Detecting malware communication "beaconing" with Flare, Elastic Stack and IDS](https://www.anquanke.com/post/id/86285/)
173 | - 2017.06 [social] [Web Beacons for Social Engineering Reconnaissance](https://www.social-engineer.org/general-blog/web-beacons-social-engineering-reconnaissance/)
174 | - 2017.06 [austintaylor] [Detecting Beaconing (malware's periodic communication with its C&C) with Flare, ElasticStack and IDS](http://www.austintaylor.io/detect/beaconing/intrusion/detection/system/command/control/flare/elastic/stack/2017/06/10/detect-beaconing-with-flare-elasticsearch-and-intrusion-detection-systems/)
175 | - 2017.06 [longtermsec] [Chrome just hardened the Navigator Beacon API against Cross-Site-Request-Forgery (CSRF)](https://medium.com/p/690239ccccf)
176 | - 2017.02 [freebuf] [Notes on using Cobalt Strike's DNS Beacon](http://www.freebuf.com/sectool/127125.html)
177 | - 2016.11 [jerrygamblin] [Spoofing Beacon Frames From The 5000 Most Common SSIDS](https://jerrygamblin.com/2016/11/27/spoofing-the-top-5000-ssids/)
178 | - 2016.10 [rvrsh3ll] [Redirecting Cobalt Strike DNS Beacons](http://www.rvrsh3ll.net/blog/offensive/redirecting-cobalt-strike-dns-beacons/)
179 | - 2016.09 [christophertruncer] [Receiving Text Messages for your Incoming Beacons](https://www.christophertruncer.com/receiving-text-messages-for-your-incoming-beacons/)
180 | - 2016.07 [] [Forging WiFi Beacon Frames Using Scapy](https://www.4armed.com/blog/forging-wifi-beacon-frames-using-scapy/)
181 | - 2016.05 [breakpoint] [Using Python to Decrypt Dispind.A and Helminth HTTP Beacons](https://breakpoint-labs.com/blog/using-python-to-decrypt-dispind-a-and-helminth-http-beacons/)
182 | - 2016.05 [arxiv] [[1605.04559] Bitcoin Beacon](https://arxiv.org/abs/1605.04559)
183 | - 2015.11 [freebuf] [Sniffing Bluetooth and replaying iBeacon signals with HackRF](http://www.freebuf.com/articles/wireless/86345.html)
184 | - 2015.11 [alienvault] [Ultrasound Tracking Beacons Making Things Sort of Creepy For Consumers](https://www.alienvault.com/blogs/security-essentials/ultrasound-tracking-beacons-making-things-sort-of-creepy-for-consumers)
185 | - 2015.10 [z4ziggy] [Exploring Bluetooth & iBeacons – from software to radio signals and back.](https://z4ziggy.wordpress.com/2015/10/01/exploring-bluetooth-and-ibeacons-from-software-to-radio-signals-and-back/)
186 | - 2015.09 [christophertruncer] [Upgrading Your Shells to Beacons](https://www.christophertruncer.com/upgrade-your-shells-to-beacons/)
187 | - 2015.07 [securitykitten] [Finding Beacons With Bro](http://securitykitten.github.io/finding-beacons-with-bro/)
188 | - 2015.04 [arxiv] [[1504.07192] Location-aware sign-on and key exchange using attribute-based encryption and Bluetooth beacons](https://arxiv.org/abs/1504.07192)
189 | - 2015.01 [securityriskadvisors] [Beaconing Past McAfee ePO](http://securityriskadvisors.com/blog/post/beaconing-past-mcafee-epo/)
190 | - 2014.10 [sans] [CSAM: Be Wary of False Beacons](https://isc.sans.edu/forums/diary/CSAM+Be+Wary+of+False+Beacons/18813/)
191 | - 2014.08 [freebuf] [BTLE/BT4.0 Bluetooth Low Energy wireless packet sender (can simulate iBeacon, link establishment, communication, etc.)](http://www.freebuf.com/sectool/40078.html)
192 | - 2014.05 [rsa] [Sality Botnet Beacons Change- How to Detect It](https://community.rsa.com/community/products/netwitness/blog/2014/05/09/sality-botnet-beacons-change-how-to-detect-it)
193 | - 2014.05 [metaflows] [Got Beacons?](https://www.metaflows.com/blog/got-beacons/)
194 | - 2014.02 [rsa] [Detecting the Zusy Botnet Beaconing](https://community.rsa.com/community/products/netwitness/blog/2014/02/20/detecting-the-zusy-botnet-beaconing)
195 | - 2013.11 [freebuf] [Some tips on analyzing Cobalt Strike's beacon.dll](http://www.freebuf.com/articles/system/18404.html)
196 | - 2012.12 [arxiv] [[1212.2404] A beaconing approach whith key exchange in vehicular ad hoc networks](https://arxiv.org/abs/1212.2404)
197 | - 2012.10 [toolswatch] [New feature “Beacon” added to Cobalt Strike](http://www.toolswatch.org/2012/10/new-feature-beacon-added-to-cobalt-strike/)
198 | - 2012.07 [talosintelligence] [Banking Trojan Spread Via UPS Phish Uses 0xDEADBEEF Beacon](https://blog.talosintelligence.com/2012/07/banking-trojan-spread-via-ups-phish.html)
199 |
200 |
201 | # Listener
202 |
203 |
204 | ***
205 |
206 |
207 | ## Tools
208 |
209 |
210 | - [**49** stars][20d] [Shell] [taherio/redi](https://github.com/taherio/redi) Automated script for setting up CobaltStrike redirectors (nginx reverse proxy, letsencrypt)
211 |
212 |
213 | # Aggressor Script
214 |
215 |
216 | ***
217 |
218 |
219 | ## Tools
220 |
221 |
222 | - [**758** stars][8m] [C#] [harleyqu1nn/aggressorscripts](https://github.com/harleyqu1nn/aggressorscripts) A collection of Cobalt Strike 3.0+ Aggressor scripts
223 | - [**378** stars][2y] [bluscreenofjeff/aggressorscripts](https://github.com/bluscreenofjeff/aggressorscripts) Aggressor scripts for use with Cobalt Strike 3.0+
224 | - [**369** stars][18d] [Java] [rsmudge/cortana-scripts](https://github.com/rsmudge/cortana-scripts) A collection of Cortana scripts that you may use with Armitage and Cobalt Strike 2.x. Cortana Scripts are not compatible with Cobalt Strike 3.x. Cobalt Strike 3.x uses a variant of Cortana called Aggressor Script.
225 | - [**252** stars][3y] [PS] [und3rf10w/aggressor-scripts](https://github.com/und3rf10w/aggressor-scripts) Aggressor scripts I've made for Cobalt Strike
226 | - [**215** stars][2y] [C#] [spiderlabs/sharpcompile](https://github.com/spiderlabs/sharpcompile) SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing…
227 | - [**175** stars][22d] [uknowsec/sharptoolsaggressor](https://github.com/uknowsec/sharptoolsaggressor) C# programs commonly used in internal network penetration testing, packaged as CS scripts and loaded directly in memory. Continuously updated.
228 | - [**174** stars][2y] [ramen0x3f/aggressorscripts](https://github.com/ramen0x3f/aggressorscripts) audit your machines or machines you're authorized to audit
229 | - [**144** stars][4m] [PS] [vysecurity/aggressor-vysec](https://github.com/vysecurity/Aggressor-VYSEC) CobaltStrike Aggressor Scripts
230 | - [**126** stars][2y] [zonksec/persistence-aggressor-script](https://github.com/zonksec/persistence-aggressor-script) initial commit
231 | - [**102** stars][2y] [PS] [rhinosecuritylabs/aggressor-scripts](https://github.com/rhinosecuritylabs/aggressor-scripts) Aggregation of Cobalt Strike's aggressor scripts.
232 | - [**101** stars][27d] [001spartan/aggressor_scripts](https://github.com/001spartan/aggressor_scripts) A collection of useful scripts for Cobalt Strike
233 | - [**97** stars][2y] [PS] [rasta-mouse/aggressor-script](https://github.com/rasta-mouse/aggressor-script) Collection of Aggressor Scripts for Cobalt Strike
234 | - [**93** stars][4m] [Py] [fortynorthsecurity/aggressorassessor](https://github.com/fortynorthsecurity/aggressorassessor) Aggressor scripts for phases of a pen test or red team assessment
235 | - [**87** stars][22d] [k8gege/aggressor](https://github.com/k8gege/Aggressor) Ladon for Cobalt Strike, Large Network Penetration Scanner, vulnerability / exploit / detection / MS17010 / password/brute-force
236 | - [**87** stars][22d] [k8gege/aggressor](https://github.com/k8gege/aggressor) Ladon for Cobalt Strike, Large Network Penetration Scanner, vulnerability / exploit / detection / MS17010 / password/brute-force
237 | - [**73** stars][27d] [vysecurity/cve-2018-4878](https://github.com/vysecurity/CVE-2018-4878) Aggressor Script to launch IE driveby for CVE-2018-4878
238 | - [**68** stars][2y] [tevora-threat/powerview3-aggressor](https://github.com/tevora-threat/powerview3-aggressor) Cobalt Strike Aggressor script menu for Powerview/SharpView
239 | - [**57** stars][2y] [PS] [invokethreatguy/csasc](https://github.com/invokethreatguy/csasc) Cobalt Strike Aggressor Script Collection
240 | - [**46** stars][4m] [Py] [coalfire-research/vampire](https://github.com/coalfire-research/vampire) Vampire is an aggressor script which integrates with BloodHound to mark nodes as owned.
241 | - [**46** stars][16d] [JS] [threatexpress/aggressor-scripts](https://github.com/threatexpress/aggressor-scripts) Cobalt Strike Aggressor Scripts
242 | - [**43** stars][27d] [tevora-threat/aggressor-powerview](https://github.com/tevora-threat/aggressor-powerview) PowerView menu for Cobalt Strike
243 | - [**39** stars][2y] [secgroundzero/cs-aggressor-scripts](https://github.com/secgroundzero/cs-aggressor-scripts) Aggressor Scripts for Cobalt Strike
244 | - [**30** stars][17d] [mgeeky/cobalt-arsenal](https://github.com/mgeeky/cobalt-arsenal) My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+
245 | - [**25** stars][6m] [scanfsec/cve-2018-15982](https://github.com/scanfsec/cve-2018-15982) Aggressor Script to launch IE driveby for CVE-2018-15982.
246 | - [**22** stars][3y] [PS] [oldb00t/aggressorscripts](https://github.com/oldb00t/aggressorscripts) Cobaltstrike Aggressor Scripts
247 | - [**22** stars][12m] [superdong0/aggressor_mail](https://github.com/superdong0/aggressor_mail) beacon,aggressor-scripts,cna,cobalt-strike,email
248 | - [**18** stars][3m] [mdsecactivebreach/execute-githubassembly-aggressor](https://github.com/mdsecactivebreach/execute-githubassembly-aggressor) Aggressor Script to Execute Assemblies from Github
249 | - [**1** star][8m] [kingsabri/aggressorscripts](https://github.com/kingsabri/aggressorscripts) A collection of Cobalt Strike aggressor scripts
250 | - [**None** stars][C] [timwhitez/cobalt-strike-aggressor-scripts](https://github.com/timwhitez/cobalt-strike-aggressor-scripts) Cobalt Strike Aggressor plugin pack
251 |
252 |
253 | ***
254 |
255 |
256 | ## Articles
257 |
258 |
259 | - 2019.06 [rastamouse] [The Return of Aggressor](https://rastamouse.me/2019/06/the-return-of-aggressor/)
260 | - 2018.07 [tevora] [A SharpView and More Aggressor](https://threat.tevora.com/a-sharpview-and-more-aggressor/)
261 | - 2018.03 [tevora] [Aggressor PowerView](http://threat.tevora.com/aggressor-powerview/)
262 | - 2018.03 [] [Aggressor 101: Unleashing Cobalt Strike for Fun and Profit](https://medium.com/p/879bf22cea31)
263 | - 2018.02 [360] [Cobalt Strike advanced tutorial: using Aggressor scripts to write e-mail alerts for when a target comes online](https://www.anquanke.com/post/id/98829/)
264 | - 2016.11 [bluescreenofjeff] [Beaconpire - Cobalt Strike and Empire Interoperability with Aggressor Script](https://bluescreenofjeff.com/2016-11-29-beaconpire-cobalt-strike-and-empire-interoperability-with-aggressor-script/)
265 | - 2016.09 [bluescreenofjeff] [Adding Easy GUIs to Aggressor Scripts](https://bluescreenofjeff.com/2016-09-07-adding-easy-guis-to-aggressor-scripts/)
266 | - 2016.05 [zonksec] [Persistence Aggressor Script](https://zonksec.com/blog/persistence-aggressor-script/)
267 |
268 |
269 | # Newly Added
270 |
271 |
272 | ***
273 |
274 |
275 | ## Tools
276 |
277 |
278 | - [**822** stars][4m] [aleenzz/cobalt_strike_wiki](https://github.com/aleenzz/cobalt_strike_wiki) Cobalt Strike series
279 | - [**409** stars][2y] [Shell] [killswitch-gui/cobaltstrike-toolkit](https://github.com/killswitch-gui/cobaltstrike-toolkit) Some useful scripts for CobaltStrike
280 | - [**398** stars][21d] [Py] [vysecurity/morphhta](https://github.com/vysecurity/morphHTA) morphHTA - Morphing Cobalt Strike's evil.HTA
281 | - [**225** stars][4m] [PS] [outflanknl/excel4-dcom](https://github.com/outflanknl/excel4-dcom) PowerShell and Cobalt Strike scripts for lateral movement by executing Excel 4.0/XLM macros via DCOM (direct shellcode injection into Excel.exe)
282 | - [**224** stars][3m] [gloxec/crossc2](https://github.com/gloxec/crossc2) generate CobaltStrike's cross-platform payload
283 | - [**213** stars][18d] [PS] [vysecurity/angrypuppy](https://github.com/vysecurity/ANGRYPUPPY) Bloodhound Attack Path Automation in CobaltStrike
284 | - [**193** stars][4m] [PS] [phink-team/cobaltstrike-ms17-010](https://github.com/phink-team/cobaltstrike-ms17-010) cobaltstrike ms17-010 module and some other
285 | - [**190** stars][17d] [Py] [threatexpress/cs2modrewrite](https://github.com/threatexpress/cs2modrewrite) Convert Cobalt Strike profiles to modrewrite scripts
286 | - [**150** stars][22d] [C#] [josephkingstone/cobalt_strike_extension_kit](https://github.com/josephkingstone/cobalt_strike_extension_kit) Tired of typing execute-assembly everytime you use Cobalt Strike? Clone this.
287 | - [**117** stars][5m] [Py] [verctor/cs_xor64](https://github.com/verctor/cs_xor64) cobaltstrike xor64.bin completion project
288 | - [**115** stars][2y] [ridter/cs_chinese_support](https://github.com/ridter/cs_chinese_support) Cobalt Strike modification to support Chinese characters in output.
289 | - [**110** stars][18d] [fox-it/cobaltstrike-extraneous-space](https://github.com/fox-it/cobaltstrike-extraneous-space) Historical list of {Cobalt Strike,NanoHTTPD} servers
290 | - [**101** stars][3y] [Py] [mr-un1k0d3r/sct-obfuscator](https://github.com/mr-un1k0d3r/sct-obfuscator) Cobalt Strike SCT payload obfuscator
291 | - [**91** stars][4m] [0xthirteen/staykit](https://github.com/0xthirteen/staykit) Cobalt Strike kit for Persistence
292 | - [**89** stars][5m] [C#] [jnqpblc/sharpspray](https://github.com/jnqpblc/sharpspray) SharpSpray a simple code set to perform a password spraying attack against all users of a domain using LDAP and is compatible with Cobalt Strike.
293 | - [**89** stars][17d] [Py] [k8gege/scrun](https://github.com/k8gege/scrun) BypassAV ShellCode Loader (Cobaltstrike/Metasploit)
294 | - [**88** stars][1y] [Py] [dcsync/pycobalt](https://github.com/dcsync/pycobalt) Cobalt Strike API, Python version
295 | - [**87** stars][1m] [Py] [ryanohoro/csbruter](https://github.com/ryanohoro/csbruter) Cobalt Strike team server password brute force tool
296 | - [**82** stars][2y] [java] [anbai-inc/cobaltstrike_hanization](https://github.com/anbai-inc/cobaltstrike_hanization) CobaltStrike 2.5 Chinese localized version
297 | - [**73** stars][4m] [C#] [0xthirteen/movekit](https://github.com/0xthirteen/movekit) Cobalt Strike kit for Lateral Movement
298 | - [**56** stars][4m] [1135/1135-cobaltstrike-toolkit](https://github.com/1135/1135-cobaltstrike-toolkit) about CobaltStrike
299 | - [**51** stars][3y] [p292/ddeautocs](https://github.com/p292/ddeautocs) A cobaltstrike script that integrates DDEAuto Attacks
300 | - [**45** stars][4m] [C#] [jnqpblc/sharptask](https://github.com/jnqpblc/sharptask) SharpTask is a simple code set to interact with the Task Scheduler service api and is compatible with Cobalt Strike.
301 | - [**45** stars][28d] [vysecurity/cobaltsplunk](https://github.com/vysecurity/CobaltSplunk) Splunk Dashboard for CobaltStrike logs
302 | - [**41** stars][3y] [Go] [empty-nest/emptynest](https://github.com/empty-nest/emptynest) A plugin-based C2 server framework. Its goal is not to replace powerful tools (such as Empire, Metasploit, CobaltStrike) but to create a supporting framework for quickly building small, purpose-built handlers for custom agents
303 | - [**33** stars][3m] [tom4t0/cobalt-strike-persistence](https://github.com/tom4t0/cobalt-strike-persistence) cobalt strike auto-start scripts
304 | - [**30** stars][5m] [C#] [mr-un1k0d3r/remoteprocessinjection](https://github.com/mr-un1k0d3r/remoteprocessinjection) C# remote process injection utility for Cobalt Strike
305 | - [**29** stars][6m] [redteamwing/cobaltstrike_wiki](https://github.com/redteamwing/cobaltstrike_wiki) Cobalt Strike 3.12 documentation in Chinese
306 | - [**27** stars][2m] [johnnydep/cobaltstrike](https://github.com/johnnydep/cobaltstrike) cobalt strike stuff I have gathered from around github
307 | - [**24** stars][21d] [HTML] [ridter/cs_custom_404](https://github.com/ridter/cs_custom_404) Cobalt strike custom 404 page
308 | - [**22** stars][5m] [Py] [k8gege/pyladon](https://github.com/k8gege/pyladon) Ladon For Python, Large Network Penetration Scanner & Cobalt Strike, vulnerability / exploit / detection / MS17010
309 | - [**19** stars][2m] [icebearfriend/quickrundown](https://github.com/icebearfriend/quickrundown) Smart overlay for Cobalt Strike PS function
310 | - [**17** stars][4m] [Py] [attactics/cslogwatch](https://github.com/attactics/cslogwatch) Cobalt Strike log state tracking, parsing, and storage
311 | - [**14** stars][2m] [TS] [hattmo/c2profilejs](https://github.com/hattmo/c2profilejs) Web UI for creating C2 profiles for Cobalt Strike
312 | - [**9** stars][2y] [Zeek] [sjosz/cnc-detection](https://github.com/sjosz/cnc-detection) Detecting PowerShell Empire, Metasploit Meterpreter and Cobalt Strike agents by payload size sequence analysis and host correlation
313 | - [**3** stars][3m] [Shell] [war-horse/docker-cobaltstrike](https://github.com/war-horse/docker-cobaltstrike) A Cobaltstrike container, built for Warhorse
314 | - [**None** stars][C++] [outflanknl/spray-ad](https://github.com/outflanknl/spray-ad) A Cobalt Strike tool to audit Active Directory user accounts for weak, well known or easy guessable passwords.
315 | - [**None** stars][hack2fun/bypassav](https://github.com/hack2fun/bypassav) Cobalt Strike plugin for quickly generating AV-evading executables
316 | - [**None** stars][PS] [k8gege/powerladon](https://github.com/k8gege/powerladon) Large Network Penetration Scanner & Cobalt Strike, Ladon for PowerShell, vulnerability / exploit / detection / MS17010
317 |
318 |
319 | ***
320 |
321 |
322 | ## Articles
323 |
324 |
325 | - 2020.04 [venus] [Special analysis of in-the-wild use of the penetration tool Cobalt Strike](https://paper.seebug.org/1190/)
326 | - 2020.04 [t00ls] [A first look at CobaltStrike Powershell Bypass AV](https://www.t00ls.net/articles-55754.html)
327 | - 2020.04 [securelist] [Loncom packer: from backdoors to Cobalt Strike](https://securelist.com/loncom-packer-from-backdoors-to-cobalt-strike/96465/)
328 | - 2020.03 [freebuf] [Notes on pitfalls and fixes while working with Cobalt Strike](https://www.freebuf.com/sectool/229965.html)
329 | - 2020.03 [venus] [Cobalt Strike 4.0 manual: advanced threat tactics for penetration testers](https://paper.seebug.org/1143/)
330 | - 2020.03 [cobaltstrike] [Cobalt Strike joins Core Impact at HelpSystems, LLC](https://blog.cobaltstrike.com/2020/03/04/cobalt-strike-joins-core-impact-at-helpsystems-llc/)
331 | - 2020.02 [freebuf] [Featured open course | CobaltStrike from basics to advanced](https://www.freebuf.com/open/227850.html)
332 | - 2020.01 [malware] [2020-01-21 - HANCITOR INFECTION WITH COBALT STRIKE](http://malware-traffic-analysis.net/2020/01/21/index2.html)
333 | - 2020.01 [freebuf] [Internal network penetration lab: a series of experiments based on Cobaltstrike](https://www.freebuf.com/vuls/224507.html)
334 | - 2019.12 [4hou] [Analysis of using Cobalt Strike's blockdlls](https://www.4hou.com/technology/22043.html)
335 | - 2019.12 [malware] [2019-12-10 - DATA DUMP: HANCITOR INFECTION WITH URSNIF AND COBALT STRIKE](http://malware-traffic-analysis.net/2019/12/10/index.html)
336 | - 2019.12 [cobaltstrike] [Cobalt Strike 4.0 – Bring Your Own Weaponization](https://blog.cobaltstrike.com/2019/12/05/cobalt-strike-4-0-bring-your-own-weaponization/)
337 | - 2019.11 [ColinHardy] [Excel 4.0 Macros Analysis - Cobalt Strike Shellcode Injection](https://www.youtube.com/watch?v=XnN_UWfHlNM)
338 | - 2019.11 [3gstudent] [Analysis of using Cobalt Strike's blockdlls](https://3gstudent.github.io/3gstudent.github.io/Cobalt_Strike%E7%9A%84blockdlls%E5%88%A9%E7%94%A8%E5%88%86%E6%9E%90/)
339 | - 2019.11 [ironcastle] [Hancitor infection with Pony, Evil Pony, Ursnif, and Cobalt Strike, (Wed, Nov 20th)](https://www.ironcastle.net/hancitor-infection-with-pony-evil-pony-ursnif-and-cobalt-strike-wed-nov-20th/)
340 | - 2019.11 [aliyun] [Cobaltstrike Server persistence & spawning shells between Cobaltstrike and Metasploit](https://xz.aliyun.com/t/6722)
341 | - 2019.09 [aliyun] [Cobalt Strike process injection in detail](https://xz.aliyun.com/t/6205)
342 | - 2019.09 [aliyun] [Official guide to CobaltStrike plugin development, Part3](https://xz.aliyun.com/t/6189)
343 | - 2019.09 [aliyun] [Official guide to CobaltStrike plugin development, Part3](https://xz.aliyun.com/t/6188)
344 | - 2019.08 [cobaltstrike] [Cobalt Strike’s Process Injection: The Details](https://blog.cobaltstrike.com/2019/08/21/cobalt-strikes-process-injection-the-details/)
345 | - 2019.08 [freebuf] [The Art of Bundling Backdoors with CobaltStrike](https://www.freebuf.com/sectool/210416.html)
346 | - 2019.08 [blackhillsinfosec] [Using CloudFront to Relay Cobalt Strike Traffic](https://www.blackhillsinfosec.com/using-cloudfront-to-relay-cobalt-strike-traffic/)
347 | - 2019.08 [aliyun] [Official Guide to CobaltStrike Plugin Development, Part 2](https://xz.aliyun.com/t/5892)
348 | - 2019.08 [aliyun] [Official Guide to CobaltStrike Plugin Development, Part 1](https://xz.aliyun.com/t/5887)
349 | - 2019.08 [aliyun] [A First Look at CobaltStrike Persistence and Its Automation](https://xz.aliyun.com/t/5881)
350 | - 2019.08 [4hou] [The Art of Bundling Backdoors: CobaltStrike Backdoor Analysis](https://www.4hou.com/tools/19585.html)
351 | - 2019.07 [malware] [2019-07-22 - HANCITOR-STYLE AMADEY MALSPAM PUSHES PONY & COBALT STRIKE](http://malware-traffic-analysis.net/2019/07/25/index.html)
352 | - 2019.07 [malware] [2019-07-22 - HANCITOR SWITCHES TO AMADEY, STILL PUSHING PONY/URSNIF/COBALT STRIKE](http://malware-traffic-analysis.net/2019/07/22/index.html)
353 | - 2019.07 [malware] [2019-07-03 - QUICK POST: HANCITOR INFECTION WITH COBALT STRIKE](http://malware-traffic-analysis.net/2019/07/03/index.html)
354 | - 2019.07 [malware] [2019-07-02 - QUICK POST: HANCITOR INFECTION WITH COBALT STRIKE](http://malware-traffic-analysis.net/2019/07/02/index2.html)
355 | - 2019.06 [evi1cg] [Cobalt Strike Spear Phish](https://evi1cg.me/archives/spear_phish.html)
356 | - 2019.05 [rsa] [Detecting Command and Control in RSA NetWitness: Cobalt Strike](https://community.rsa.com/community/products/netwitness/blog/2019/05/28/detecting-command-and-control-in-rsa-netwitness-cobalt-strike)
357 | - 2019.05 [cobaltstrike] [Cobalt Strike 3.14 – Post-Ex Omakase Shimasu](https://blog.cobaltstrike.com/2019/05/02/cobalt-strike-3-14-post-ex-omakase-shimasu/)
358 | - 2019.04 [pentestpartners] [Cobalt Strike. Walkthrough for Red Teamers](https://www.pentestpartners.com/security-blog/cobalt-strike-walkthrough-for-red-teamers/)
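359 | - 2019.04 [4hou] [Analysis of the "Double Agent" Identity of the Penetration Testing Tool Cobalt Strike](https://www.4hou.com/web/16613.html)
360 | - 2019.02 [aliyun] [Penetration Tool Cobalt Strike - Part 2: APT-Level Full AV Evasion Versus Enterprise Defense-in-Depth](https://xz.aliyun.com/t/4191)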
361 | - 2019.02 [obscuritylabs] [Installing CobaltStrike on Ubuntu 18.04](https://obscuritylabs.com/blog/2019/02/23/installing-cobaltstrike-on-ubuntu-18-04/)
362 | - 2019.02 [obscuritylabs] [Installing CobaltStrike on Ubuntu 18.04](https://blog.obscuritylabs.com/install/)
363 | - 2019.02 [4hou] [Bypassing Antivirus Memory Scanning with Cobalt Strike and Gargoyle](http://www.4hou.com/binary/16203.html)
364 | - 2019.01 [xpnsec] [How to Argue like Cobalt Strike](https://blog.xpnsec.com/how-to-argue-like-cobalt-strike/)
365 | - 2019.01 [cobaltstrike] [Cobalt Strike 3.13 – Why do we argue?](https://blog.cobaltstrike.com/2019/01/02/cobalt-strike-3-13-why-do-we-argue/)
366 | - 2018.11 [olafhartong] [Cobalt Strike Remote Threads detection](https://medium.com/p/206372d11d0f)
367 | - 2018.09 [crowdstrike] [Meet CrowdStrike’s Adversary of the Month for September: COBALT SPIDER](https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-september-cobalt-spider/)
368 | - 2018.09 [cobaltstrike] [Cobalt Strike 3.12 – Blink and you’ll miss it](https://blog.cobaltstrike.com/2018/09/06/cobalt-strike-3-12-blink-and-youll-miss-it/)
369 | - 2018.08 [freebuf] [A Look at What Cobaltstrike and Armitage Can Achieve Together](http://www.freebuf.com/sectool/180395.html)
370 | - 2018.07 [f] [Bypassing Memory Scanners with Cobalt Strike and Gargoyle](https://labs.f-secure.com/blog/experimenting-bypassing-memory-scanners-with-cobalt-strike-and-gargoyle/)
371 | - 2018.07 [mwrinfosecurity] [Bypassing Memory Scanners with Cobalt Strike and Gargoyle](https://labs.mwrinfosecurity.com/blog/experimenting-bypassing-memory-scanners-with-cobalt-strike-and-gargoyle/)
372 | - 2018.04 [cobaltstrike] [Cobalt Strike 3.11 – The snake that eats its tail](https://blog.cobaltstrike.com/2018/04/09/cobalt-strike-3-11-the-snake-that-eats-its-tail/)
373 | - 2018.04 [4hou] [[Update] Cobalt strike3.8 Chinese Language Support](http://www.4hou.com/technology/10933.html)
374 | - 2018.04 [evi1cg] [Cobalt strike3.8 Chinese Language Support (Update)](https://evi1cg.me/archives/CS3_8_chinese_support.html)
375 | - 2018.03 [360] [Cobalt Strike: Bypassing Windows Defender with Obfuscation](https://www.anquanke.com/post/id/101308/)
376 | - 2018.03 [aliyun] [Cobalt Strike: Using Obfuscation to Bypass Windows Defender](https://xz.aliyun.com/t/2173)
377 | - 2018.03 [aliyun] [[Software Security] Patching Cobalt Strike3.8 to Remove the Backdoor and Repair Functionality](https://xz.aliyun.com/t/2170)
378 | - 2018.03 [] [Cobalt Strike Visualizations](https://medium.com/p/e6a6e841e16b)
379 | - 2018.03 [offensiveops] [Bypassing Windows Defender with Obfuscation](http://www.offensiveops.io/tools/cobalt-strike-bypassing-windows-defender-with-obfuscation/)
380 | - 2018.03 [360] [Using DNS Covert Tunnels in Cobalt Strike, and Detecting Them with DLP](https://www.anquanke.com/post/id/99408/)
381 | - 2018.01 [4hou] [Introduction to cobalt strike OPSEC Profiles](http://www.4hou.com/technology/10095.html)
382 | - 2018.01 [bluescreenofjeff] [Cobalt Strike OPSEC Profiles](https://bluescreenofjeff.com/2018-01-23-cobalt-strike-opsec-profiles/)
383 | - 2017.12 [freebuf] [Cobalt Strike Practical Tips: Persistence Techniques](http://www.freebuf.com/sectool/157952.html)
384 | - 2017.12 [cobaltstrike] [Cobalt Strike 3.10 – Хакер vs. 肉雞](https://blog.cobaltstrike.com/2017/12/11/cobalt-strike-3-10-%d1%85%d0%b0%d0%ba%d0%b5%d1%80-vs-%e8%82%89%e9%9b%9e/)
385 | - 2017.12 [threatexpress] [Slack Notifications for Cobalt Strike](http://threatexpress.com/blogs/2016/slack-notifications-for-cobalt-strike/)
386 | - 2017.12 [blackhillsinfosec] [A Morning with Cobalt Strike & Symantec](https://www.blackhillsinfosec.com/morning-cobalt-strike-symantec/)
387 | - 2017.11 [riskiq] [Gaffe Reveals Full List of Targets in Spear Phishing Attack Using Cobalt Strike Against Financial Institutions](https://www.riskiq.com/blog/labs/cobalt-strike/)
388 | - 2017.11 [fortinet] [Cobalt Malware Strikes Using CVE-2017-11882 RTF Vulnerability](https://blog.fortinet.com/2017/11/27/cobalt-malware-strikes-using-cve-2017-11882-rtf-vulnerability)
389 | - 2017.11 [fortinet] [FortiGuard Labs Discovers Malware Exploiting the RTF Vulnerability CVE-2017-11882](https://www.fortinet.com/blog/threat-research/cobalt-malware-strikes-using-cve-2017-11882-rtf-vulnerability.html)
390 | - 2017.11 [trendmicro] [Hacking Group Cobalt Uses the CVE-2017-8759 Vulnerability to Attack Russian Banks](https://blog.trendmicro.com/trendlabs-security-intelligence/cobalt-spam-runs-use-macros-cve-2017-8759-exploit/)
391 | - 2017.10 [secvul] [Four Scenarios for Using Metasploit and Cobalt Strike Together](https://secvul.com/topics/862.html)
392 | - 2017.10 [360] [How to Build a Cobalt Strike C2 Channel Using the Office 365 Tasks Feature](https://www.anquanke.com/post/id/86974/)
393 | - 2017.09 [rsa] [Malspam delivers Cobalt Strike payload 9-19-2017](https://community.rsa.com/community/products/netwitness/blog/2017/09/25/malspam-delivers-cobalt-strike-payload-9-19-2017)
394 | - 2017.09 [mwrinfosecurity] [“Tasking” Office 365 for Cobalt Strike C2](https://labs.mwrinfosecurity.com/blog/tasking-office-365-for-cobalt-strike-c2/)
395 | - 2017.09 [cobaltstrike] [Cobalt Strike 3.9 – Livin’ in a Stager’s Paradise](https://blog.cobaltstrike.com/2017/09/20/cobalt-strike-3-9-livin-in-a-stagers-paradise/)
396 | - 2017.09 [evi1cg] [cobaltstrike3.8 Cracked Version](https://evi1cg.me/archives/CobaltStrike_3_8_Cracked-html.html)
397 | - 2017.06 [vkremez] [Let's Learn (DIY): Sophisticated Cobalt Strike Gang's CVE-2017-0199 Loader](https://www.vkremez.com/2017/06/lets-learn-diy-sophisticated-cobalt.html)
398 | - 2017.05 [cobaltstrike] [Cobalt Strike 3.8 – Who’s Your Daddy?](https://blog.cobaltstrike.com/2017/05/23/cobalt-strike-3-8-whos-your-daddy/)
399 | - 2017.05 [freebuf] [Cobalt Strike Study Notes (Continuously Updated)](http://www.freebuf.com/sectool/133369.html)
400 | - 2017.04 [ecforce] [CVE-2017-0199 exploitation with Cobalt Strike tutorial](https://www.secforce.com/blog/2017/04/cve-2017-0199-exploitation-with-cobalt-strike-tutorial/)
401 | - 2017.04 [trustedsec] [Equation Group Dump Analysis and Full RCE on Win7 on MS17-010 with Cobalt Strike](https://www.trustedsec.com/2017/04/equation-group-dump-analysis-full-rce-win7-fully-patched-cobalt-strike/)
402 | - 2017.04 [aliyun] [Setting Up and Using Cobalt Strike, and Bypassing Antivirus](https://xz.aliyun.com/t/199)
403 | - 2017.03 [cobaltstrike] [Cobalt Strike 3.7 – Cat, Meet Mouse](https://blog.cobaltstrike.com/2017/03/15/cobalt-strike-3-7-cat-meet-mouse/)
404 | - 2017.03 [freebuf] [Cobalt Strike Intranet Traversal: How to Set Up Your Own Cobalt Strike Server on the Internet](http://www.freebuf.com/articles/network/128121.html)
405 | - 2017.02 [zairon] [From RTF to Cobalt Strike passing via Flash](https://zairon.wordpress.com/2017/02/05/from-rtf-to-cobalt-strike-passing-via-flash/)
406 | - 2017.01 [freebuf] [Using Cobalt strike in Intranet Penetration](http://www.freebuf.com/sectool/125237.html)
407 | - 2017.01 [inspired] [WMI Persistence with Cobalt Strike](https://blog.inspired-sec.com/archive/2017/01/20/WMI-Persistence.html)
408 | - 2017.01 [freebuf] [Step-by-Step Guide to Sending Phishing Emails with Cobalt strike](http://www.freebuf.com/sectool/124905.html)
409 | - 2017.01 [freebuf] [Privilege Escalation Tool Cobalt Strike Releases Version 3.6](http://www.freebuf.com/sectool/122742.html)
410 | - 2016.12 [evi1cg] [cobaltstrike3.6 Cracked Version](https://evi1cg.me/archives/CobaltStrike_3_6_Cracked.html)
411 | - 2016.12 [cobaltstrike] [Cobalt Strike 3.6 – A Path for Privilege Escalation](https://blog.cobaltstrike.com/2016/12/08/cobalt-strike-3-6-a-path-for-privilege-escalation/)
412 | - 2016.12 [threatexpress] [Slack Notifications for Cobalt Strike](http://threatexpress.com/2016/12/slack-notifications-for-cobalt-strike/)
413 | - 2016.10 [cobaltstrike] [Cobalt Strike Tapas II](https://blog.cobaltstrike.com/2016/10/19/cobalt-strike-tapas-ii/)
414 | - 2016.10 [cobaltstrike] [Cobalt Strike 3.5.1 – Important Security Update](https://blog.cobaltstrike.com/2016/10/03/cobalt-strike-3-5-1-important-security-update/)
415 | - 2016.09 [cobaltstrike] [Cobalt Strike RCE. Active Exploitation Reported.](https://blog.cobaltstrike.com/2016/09/28/cobalt-strike-rce-active-exploitation-reported/)
416 | - 2016.09 [cobaltstrike] [Cobalt Strike 3.5 – UNIX Post Exploitation](https://blog.cobaltstrike.com/2016/09/22/cobalt-strike-3-5-unix-post-exploitation/)
417 | - 2016.09 [cobaltstrike] [Cobalt Strike Tapas](https://blog.cobaltstrike.com/2016/09/16/cobalt-strike-tapas/)
418 | - 2016.07 [cobaltstrike] [Cobalt Strike 3.4 – Operational Details](https://blog.cobaltstrike.com/2016/07/29/cobalt-strike-3-4-operational-details/)
419 | - 2016.07 [cobaltstrike] [HOWTO: Reset Your Cobalt Strike License Key](https://blog.cobaltstrike.com/2016/07/15/howto-reset-your-cobalt-strike-license-key/)
420 | - 2016.06 [bluescreenofjeff] [Cobalt Strike HTTP C2 Redirectors with Apache mod_rewrite](https://bluescreenofjeff.com/2016-06-28-cobalt-strike-http-c2-redirectors-with-apache-mod_rewrite/)
421 | - 2016.05 [freebuf] [A Complete Cracking Method for the Latest CobaltStrike Version](http://www.freebuf.com/sectool/103766.html)
422 | - 2016.01 [evi1cg] [Enhancing Your Cobalt strike: Cortana](https://evi1cg.me/archives/Cortana.html)
423 | - 2015.12 [freebuf] [Installing and Cracking the Latest Cobalt Strike on Kali 2.0](http://www.freebuf.com/sectool/91144.html)
424 | - 2015.11 [evi1cg] [Cobalt strike3.0 User Manual](https://evi1cg.me/archives/Cobalt_strike.html)
425 | - 2015.10 [tan6600] [Installing Cobalt Strike on Kali 2.0](https://blog.csdn.net/tan6600/article/details/48845771)
426 | - 2015.09 [] [Explainer: Cracking Cobaltstrike with a Single Statement](http://www.91ri.org/14324.html)
427 | - 2015.08 [freebuf] [How to Make a Cracked Version of Cobalt Strike v2.5](http://www.freebuf.com/sectool/76206.html)
428 | - 2015.01 [freebuf] [Automated Attack Testing Platform Cobalt Strike v2.3 Cracked Version](http://www.freebuf.com/sectool/57810.html)
429 | - 2014.09 [freebuf] [Automated Attack Testing Platform Cobalt Strike v2.1 (Cracked Version)](http://www.freebuf.com/sectool/44629.html)
430 | - 2014.08 [freebuf] [Automated Attack Testing Platform Cobalt Strike 2.0.49 Cracked Version](http://www.freebuf.com/sectool/41031.html)
431 | - 2014.01 [security] [Four Days with Cortana Script Engine - Cobalt Strike/Armitage](http://security-is-just-an-illusion.blogspot.com/2014/01/four-days-with-cortana-script-engine.html)
432 | - 2013.12 [security] [Three Days with Cortana Script Engine - Cobalt Strike/Armitage](http://security-is-just-an-illusion.blogspot.com/2013/11/two-days-with-cortana-script-engine.html)
433 | - 2013.12 [security] [Cobalt Strike Report Hosts *Mod*](http://security-is-just-an-illusion.blogspot.com/2013/12/cobalt-strike-report-hosts-mod.html)
434 | - 2013.12 [security] [Two Days with Cortana Script Engine - Cobalt Strike/Armitage](http://security-is-just-an-illusion.blogspot.com/2013/12/two-days-with-cortana-script-engine.html)
435 | - 2013.12 [security] [One Day with Cortana Script Engine - Cobalt Strike/Armitage](http://security-is-just-an-illusion.blogspot.com/2013/11/one-day-with-cortana-script-engine.html)
436 | - 2013.12 [freebuf] [Automated Attack Testing Platform Cobalt Strike 1.48 Cracked Version](http://www.freebuf.com/sectool/18888.html)
437 | - 2013.11 [freebuf] [Some Thoughts on "How to Install Cobalt Strike on windows 2008"](http://www.freebuf.com/articles/system/18180.html)
438 | - 2013.11 [freebuf] [How to Install Cobalt Strike on windows 2008](http://www.freebuf.com/articles/others-articles/18096.html)
439 | - 2013.08 [freebuf] [Cracking the Windows Version of Cobalt Strike](http://www.freebuf.com/sectool/11734.html)
440 | - 2013.04 [freebuf] [Cobalt Strike: The Commercial Version of Armitage](http://www.freebuf.com/sectool/8445.html)
441 | - 2012.08 [toolswatch] [Blackhat USA 2012: Interview with Raphael Mudge about Armitage (Also Introducing CobaltStrike)](http://www.toolswatch.org/2012/08/blackhat-usa-2012-interview-with-raphael-mudge-about-armitage-also-introducing-cobaltstrike/)
442 |
443 |
444 | # Contribute
445 | The content is automatically exported by the system; if you have any problems, please open an issue.
--------------------------------------------------------------------------------
/history/CobaltStrike_20200531095202_en.md:
--------------------------------------------------------------------------------
1 | # [All Resource Collection Projects](https://github.com/alphaSeclab/all-my-collection-repos)
2 |
3 |
4 |
5 |
6 | # CobaltStrike
7 |
8 |
9 | - Resources about Cobalt Strike
10 |
11 |
12 | # Directory
13 | - [External C2](#354ab7654ce3b7c2bdaadd4b8cec655a) -> [(9)Tools](#f68ecdb8fb6ad2a853974daa90aed75d) [(10)Post](#3f8322b76fd5bf27bcced5676ecb23cb)
14 | - [Malleable C2](#3c7575eb27204dbf1ed80f96706c2967) -> [(6)Tools](#61838d4bce2285c7772b309c7bf77300) [(10)Post](#803659291490cf303d14af45bfededa8)
15 | - [Beacon](#403f0531bfef73b0950ebb204f8c943c) -> [(24)Tools](#d3f40c082e959ea8eb4972d192491986) [(63)Post](#9d08b2a4104484ddea919603692e4efd)
16 | - [Listener](#3e1518acb4f724d940248244d90c84d3) -> [(1)Tools](#5a709999cb246f31f15954a28e510804)
17 | - [Aggressor Script](#a9814deb7dba1a899218c27971bb0143) -> [(29)Tools](#57402818113a06fa8c16d023ce6fae05) [(8)Post](#bbf6ba0a11dd2a6e0f86469609796fe7)
18 | - [Recent Add](#bbe1c2fab620850440dbdc9cafad4280) -> [(39)Tools](#cfa38dd2bfe0bd0fa27d73e7bd2e12f6) [(117)Post](#6368df4dcd53ad109982557bf1062b9d)
19 |
20 |
21 | # External C2
22 |
23 |
24 | ***
25 |
26 |
27 | ## Tools
28 |
29 |
30 | - [**325**Star][2y] [C#] [spiderlabs/dohc2](https://github.com/spiderlabs/dohc2) DoHC2 allows the ExternalC2 library from Ryan Hanson (
31 | - [**222**Star][23d] [PS] [qax-a-team/cobaltstrike-toolset](https://github.com/QAX-A-Team/CobaltStrike-Toolset) Aggressor Script, Kits, Malleable C2 Profiles, External C2 and so on
32 | - [**188**Star][3y] [C#] [ryhanson/externalc2](https://github.com/ryhanson/externalc2) A library for integrating communication channels with the Cobalt Strike External C2 server
33 | - [**150**Star][26d] [Py] [und3rf10w/external_c2_framework](https://github.com/und3rf10w/external_c2_framework) Python api for usage with cobalt strike's External C2 specification
34 | - [**140**Star][1m] [C++] [xorrior/raven](https://github.com/xorrior/raven) CobaltStrike External C2 for Websockets
35 | - [**76**Star][30d] [C] [outflanknl/external_c2](https://github.com/outflanknl/external_c2) POC for Cobalt Strike external C2
36 | - [**58**Star][1y] [C#] [mdsecactivebreach/browser-externalc2](https://github.com/mdsecactivebreach/browser-externalc2) External C2 Using IE COM Objects
37 | - [**58**Star][2m] [Py] [truneski/external_c2_framework](https://github.com/truneski/external_c2_framework) Python api for usage with cobalt strike's External C2 specification
38 | - [**37**Star][3m] [Go] [lz1y/gecc](https://github.com/lz1y/gecc) Cobalt Strike - Go External C2 Client
39 |
40 |
41 | ***
42 |
43 |
44 | ## Post
45 |
46 |
47 | - 2019.12 [talosintelligence] [WAGO PFC200 iocheckd service "I/O-Check" external tool information exposure vulnerability](https://talosintelligence.com/vulnerability_reports/TALOS-2019-0862)
48 | - 2019.02 [mdsec] [External C2, IE COM Objects and how to use them for Command and Control](https://www.mdsec.co.uk/2019/02/external-c2-ie-com-objects-and-how-to-use-them-for-command-and-control/)
49 | - 2018.03 [xpnsec] [Exploring Cobalt Strike's ExternalC2 framework](https://blog.xpnsec.com/exploring-cobalt-strikes-externalc2-framework/)
50 | - 2013.10 [colinpoflynn] [PLIP DEC2013: Hardware Co-Sim with External Hardware (Serial Port)](https://www.youtube.com/watch?v=g8z5UtcuNyE)
51 |
52 |
53 | # Malleable C2
54 |
55 |
56 | ***
57 |
58 |
59 | ## Tools
60 |
61 |
62 | - [**462**Star][2y] [rsmudge/malleable-c2-profiles](https://github.com/rsmudge/malleable-c2-profiles) Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x.
63 | - [**217**Star][2y] [Py] [bluscreenofjeff/malleable-c2-randomizer](https://github.com/bluscreenofjeff/malleable-c2-randomizer) A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls
64 | - [**205**Star][23d] [threatexpress/malleable-c2](https://github.com/threatexpress/malleable-c2) Cobalt Strike Malleable C2 Design and Reference Guide
65 | - [**105**Star][9m] [xx0hcd/malleable-c2-profiles](https://github.com/xx0hcd/malleable-c2-profiles) Cobalt Strike - Malleable C2 Profiles. A collection of profiles used in different projects using Cobalt Strike
66 | - [**41**Star][3y] [bluscreenofjeff/malleablec2profiles](https://github.com/bluscreenofjeff/malleablec2profiles) Malleable C2 profiles for Cobalt Strike
67 | - [**None**Star][Py] [fortynorthsecurity/c2concealer](https://github.com/fortynorthsecurity/c2concealer) C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.
68 |
69 |
70 | ***
71 |
72 |
73 | ## Post
74 |
75 |
76 | - 2018.09 [specterops] [A Deep Dive into Cobalt Strike Malleable C2](https://medium.com/p/6660e33b0e0b)
77 | - 2018.09 [threatexpress] [A Deep Dive into Cobalt Strike Malleable C2](http://threatexpress.com/2018/09/a-deep-dive-into-cobalt-strike-malleable-c2/)
78 | - 2018.09 [threatexpress] [A Deep Dive into Cobalt Strike Malleable C2](http://threatexpress.com/blogs/2018/a-deep-dive-into-cobalt-strike-malleable-c2/)
79 | - 2018.06 [cobaltstrike] [Broken Promises and Malleable C2 Profiles](https://blog.cobaltstrike.com/2018/06/04/broken-promises-and-malleable-c2-profiles/)
80 | - 2018.01 [threatexpress] [Automating Apache mod_rewrite and Cobalt Strike Malleable C2 for Intelligent Redirection](http://threatexpress.com/2018/02/automating-cobalt-strike-profiles-apache-mod_rewrite-htaccess-files-intelligent-c2-redirection/)
81 | - 2017.08 [bluescreenofjeff] [Randomized Malleable C2 Profiles Made Easy](https://bluescreenofjeff.com/2017-08-30-randomized-malleable-c2-profiles-made-easy/)
82 | - 2017.01 [bluescreenofjeff] [How to Write Malleable C2 Profiles for Cobalt Strike](https://bluescreenofjeff.com/2017-01-24-how-to-write-malleable-c2-profiles-for-cobalt-strike/)
83 | - 2014.07 [harmj0y] [A Brave New World: Malleable C2](http://www.harmj0y.net/blog/redteaming/a-brave-new-world-malleable-c2/)
84 |
85 |
86 | # Beacon
87 |
88 |
89 | ***
90 |
91 |
92 | ## Tools
93 |
94 |
95 | - [**244**Star][6m] [PS] [rsmudge/elevatekit](https://github.com/rsmudge/elevatekit) The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.
96 | - [**193**Star][17d] [Go] [darkr4y/geacon](https://github.com/darkr4y/geacon) Practice Go programming and implement CobaltStrike's Beacon in Go
97 | - [**129**Star][2m] [JS] [dermike/slide-beacon-app](https://github.com/dermike/slide-beacon-app) Share links from your Mac using this app to broadcast them as a Physical Web Eddystone URL bluetooth beacon or mDNS.
98 | - [**115**Star][4m] [HTML] [romanemelyanov/cobaltstrikeforensic](https://github.com/romanemelyanov/cobaltstrikeforensic) Toolset for research malware and Cobalt Strike beacons
99 | - [**71**Star][6m] [Py] [daddycocoaman/beacongraph](https://github.com/daddycocoaman/beacongraph) Graph visualization of wireless client and access point relationships
100 | - [**59**Star][24d] [Go] [averagesecurityguy/c2](https://github.com/averagesecurityguy/c2) A simple, extensible C&C beaconing system.
101 | - [**57**Star][2m] [Shell] [cyb0r9/network-attacker](https://github.com/Cyb0r9/network-attacker) Programmed For Penetration Testing Beginners . This Program Based on Mdk3 . "WiFi Stress Testing Beacon Flooding & Deauthentication Attack "
102 | - [**56**Star][24d] [HTML] [aravinthpanch/rssi](https://github.com/aravinthpanch/rssi) Indoor localisation using RSSI. RSSI is received signal strength indicator in IEEE 802.11 beacon packet to announce the presence of WiFi.This tool was built to study & visualize the data collected in the experiments. This was done at Telecommunications Network Group (TKN), Berlin as part of EVARILOS.
103 | - [**50**Star][2m] [001spartan/csfm](https://github.com/001spartan/csfm) Cobalt Strike Field Manual - A quick reference for Windows commands that can be accessed in a beacon console.
104 | - [**45**Star][10m] [JS] [dermike/physical-web-scan-app](https://github.com/dermike/physical-web-scan-app) Mac OSX desktop client app to scan for Physical Web (Eddystone) bluetooth beacons
105 | - [**39**Star][4m] [C++] [lijuno/nrf24_ble](https://github.com/lijuno/nRF24_BLE) Hacking nRF24L01+ as a low-cost BLE beacon
106 | - [**30**Star][5m] [chriso0710/pikiosk](https://github.com/chriso0710/pikiosk) Automate Chromium in kiosk mode and Eddystone beacon on Raspberry Pi Raspbian Jessie with Ansible. Use a single command to update the kiosk and Eddystone URLs on all machines.
107 | - [**29**Star][24d] [TS] [iot-makers/sigfox-platform](https://github.com/iot-makers/sigfox-platform) Open Source platform to display and parse Sigfox messages in real time with Sigfox, GPS, WiFi & beacon geolocalisation
108 | - [**25**Star][9m] [C] [clockfort/wifi-locator](https://github.com/clockfort/wifi-locator) Determines physical location of station judging from 802.11 beacons' BSSID/Signal/Noise/Quality information.
109 | - [**20**Star][5m] [C++] [6e726d/native-wifi-api-beacon-sniffer](https://github.com/6e726d/native-wifi-api-beacon-sniffer) Tool that dumps beacon frames to a pcap file. Works on Windows Vista or Later with any Wireless Card.
110 | - [**14**Star][23d] [Py] [mlodic/ursnif_beacon_decryptor](https://github.com/mlodic/ursnif_beacon_decryptor) Ursnif beacon decryptor
111 | - [**12**Star][1m] [Go] [wahyuhadi/beacon-c2-go](https://github.com/wahyuhadi/beacon-c2-go) backdoor c2
112 | - [**11**Star][3m] [Dockerfile] [d3vzer0/cnc-relay](https://github.com/d3vzer0/cnc-relay) Docker projects to retain beacon source IPs using C2 relaying infra
113 | - [**10**Star][2y] [C] [wifimon/wifimon](https://github.com/wifimon/wifimon) Wi-fi 802.11 Beacon Frame sniffer
114 | - [**9**Star][3y] [C] [loukamb/beacon](https://github.com/loukamb/beacon) Lightweight, header-only C++ IPC library for Windows operating systems (Vista+) using advanced local procedure calls
115 | - [**9**Star][4m] [Py] [ajackal/cherrywasp](https://github.com/ajackal/cherrywasp) An 802.11 probe request and beacon sniffer.
116 | - [**2**Star][9m] [Shell] [b3n-j4m1n/flood-kick-sniff](https://github.com/b3n-j4m1n/flood-kick-sniff) Known Beacons attack tool
117 | - [**2**Star][5m] [Shell] [op7ic/rt-officebeaconbox](https://github.com/op7ic/rt-officebeaconbox) Simple Office-based beacon that calls back to your server for phishing exercises.
118 | - [**None**Star][C++] [rvn0xsy/linco2](https://github.com/rvn0xsy/linco2) Simulates the communication between Cobalt Strike's Beacon and C2, implementing a Linux C2 based on the HTTP protocol
119 |
120 |
121 | ***
122 |
123 |
124 | ## Post
125 |
126 |
127 | - 2020.05 [pentestpartners] [Short beacon analysis on the NHS iOS Tracking application](https://www.pentestpartners.com/security-blog/short-beacon-analysis-on-the-nhs-ios-tracking-application/)
128 | - 2020.05 [findingbad] [Hunting for Beacons Part 2](http://findingbad.blogspot.com/2020/05/hunting-for-beacons-part-2.html)
129 | - 2020.05 [findingbad] [Hunting for Beacons](http://findingbad.blogspot.com/2020/05/hunting-for-beacons.html)
130 | - 2020.04 [activecountermeasures] [Threat Simulation – Beacons](https://www.activecountermeasures.com/threat-simulation-beacons/)
131 | - 2020.04 [tindie] [UHF Radio Beacon for Lost RC Models](https://blog.tindie.com/2020/04/uhf-radio-beacon-lost-rc-models/)
132 | - 2020.03 [blackhillsinfosec] [Detecting Malware Beacons With Zeek and RITA](https://www.blackhillsinfosec.com/detecting-malware-beacons-with-zeek-and-rita/)
133 | - 2020.01 [fox] [Hunting for beacons](https://blog.fox-it.com/2020/01/15/hunting-for-beacons/)
134 | - 2019.11 [s0lst1c3] [Modern Wireless Tradecraft Pt II — MANA and Known Beacon Attacks](https://posts.specterops.io/modern-wireless-attacks-pt-ii-mana-and-known-beacon-attacks-97a359d385f9)
135 | - 2019.10 [specterops] [Modern Wireless Tradecraft Pt II — MANA and Known Beacon Attacks](https://medium.com/p/97a359d385f9)
136 | - 2019.08 [TechMinds] [Hunting LF/MF/HF Beacons With An Airspy HF+ Discovery](https://www.youtube.com/watch?v=PduaBOMPlz4)
137 | - 2019.05 [activecountermeasures] [Detecting Beacons With Jitter](https://www.activecountermeasures.com/detecting-beacons-with-jitter/)
138 | - 2019.04 [activecountermeasures] [Simplifying Beacon Analysis through Big Data Analysis](https://www.activecountermeasures.com/simplifying-beacon-analysis-through-big-data-analysis/)
139 | - 2019.04 [NDSSSymposium] [NDSS 2019 MBeacon: Privacy-Preserving Beacons for DNA Methylation Data](https://www.youtube.com/watch?v=ZF78gBfppfM)
140 | - 2019.02 [sensorfu] [SensorFu Beacon How To: 3 steps to always know if your isolated Linux leaks](https://medium.com/p/e2206252782c)
141 | - 2019.02 [sensorfu] [Deploying SensorFu Beacon Windows Application with GPO](https://medium.com/p/530e315f25a)
142 | - 2019.02 [rapid7] [Smart Sensors: A Look at Beacon Security](https://blog.rapid7.com/2019/02/05/smart-sensors-a-look-at-beacon-security/)
143 | - 2019.02 [sensorfu] [Using SensorFu Beacon to supplement Threat Intel](https://medium.com/p/ff8dc1a3bfb8)
144 | - 2018.12 [nviso] [TLS beaconing detection using ee-outliers and Elasticsearch](https://blog.nviso.be/2018/12/11/tls-beaconing-detection-using-ee-outliers-and-elasticsearch/)
145 | - 2018.11 [DEFCONConference] [DEF CON 26 HARDWARE HACKING VILLAGE - John Aho - WiFi Beacons will give you up](https://www.youtube.com/watch?v=1XoxtcBGga0)
146 | - 2018.10 [NullByte] [Track & Connect to Smartphones with a Beacon Swarm [Tutorial]](https://www.youtube.com/watch?v=o95Or-Z_Ybk)
147 | - 2018.09 [blackhillsinfosec] [PODCAST: Beacon Analysis](https://www.blackhillsinfosec.com/beaconanalysis/)
148 | - 2018.09 [activecountermeasures] [Threat Hunting Beacon Analysis Webcast from September 11, 2018](https://www.activecountermeasures.com/threat-hunting-beacon-analysis-webcast-from-september-11-2018/)
149 | - 2018.08 [activecountermeasures] [Threat Hunting – Simplifying The Beacon Analysis Process](https://www.activecountermeasures.com/threat-hunting-simplifying-the-beacon-analysis-process/)
150 | - 2018.08 [activecountermeasures] [Beacon Analysis – The Key to Cyber Threat Hunting](https://www.activecountermeasures.com/blog-beacon-analysis-the-key-to-cyber-threat-hunting/)
151 | - 2018.08 [jpcert] [Volatility Plugin for Detecting Cobalt Strike Beacon](https://blog.jpcert.or.jp/2018/08/volatility-plugin-for-detecting-cobalt-strike-beacon.html)
152 | - 2018.08 [jpcert] [Volatility Plugin for Detecting Cobalt Strike Beacon](https://blogs.jpcert.or.jp/en/2018/08/volatility-plugin-for-detecting-cobalt-strike-beacon.html)
153 | - 2018.04 [activecountermeasures] [New Beacon Graph in the Works](https://www.activecountermeasures.com/new-beacon-graph-in-the-works/)
154 | - 2018.04 [rvrsh3ll] [Redirecting Cobalt Strike DNS Beacons](https://medium.com/p/e3dcdb5a8b9b)
155 | - 2018.02 [census] [The Known Beacons Attack (34th Chaos Communication Congress)](https://census-labs.com/news/2018/02/01/known-beacons-attack-34c3/)
156 | - 2017.06 [cobaltstrike] [OPSEC Considerations for Beacon Commands](https://blog.cobaltstrike.com/2017/06/23/opsec-considerations-for-beacon-commands/)
157 | - 2017.06 [social] [Web Beacons for Social Engineering Reconnaissance](https://www.social-engineer.org/general-blog/web-beacons-social-engineering-reconnaissance/)
158 | - 2017.06 [austintaylor] [Detect Beaconing with Flare, Elastic Stack, and Intrusion Detection Systems](http://www.austintaylor.io/detect/beaconing/intrusion/detection/system/command/control/flare/elastic/stack/2017/06/10/detect-beaconing-with-flare-elasticsearch-and-intrusion-detection-systems/)
159 | - 2017.06 [longtermsec] [Chrome just hardened the Navigator Beacon API against Cross-Site-Request-Forgery (CSRF)](https://medium.com/p/690239ccccf)
160 | - 2016.11 [jerrygamblin] [Spoofing Beacon Frames From The 5000 Most Common SSIDS](https://jerrygamblin.com/2016/11/27/spoofing-the-top-5000-ssids/)
161 | - 2016.10 [rvrsh3ll] [Redirecting Cobalt Strike DNS Beacons](http://www.rvrsh3ll.net/blog/offensive/redirecting-cobalt-strike-dns-beacons/)
162 | - 2016.09 [christophertruncer] [Receiving Text Messages for your Incoming Beacons](https://www.christophertruncer.com/receiving-text-messages-for-your-incoming-beacons/)
163 | - 2016.07 [] [Forging WiFi Beacon Frames Using Scapy](https://www.4armed.com/blog/forging-wifi-beacon-frames-using-scapy/)
164 | - 2016.05 [breakpoint] [Using Python to Decrypt Dispind.A and Helminth HTTP Beacons](https://breakpoint-labs.com/blog/using-python-to-decrypt-dispind-a-and-helminth-http-beacons/)
165 | - 2016.05 [arxiv] [[1605.04559] Bitcoin Beacon](https://arxiv.org/abs/1605.04559)
166 | - 2015.11 [alienvault] [Ultrasound Tracking Beacons Making Things Sort of Creepy For Consumers](https://www.alienvault.com/blogs/security-essentials/ultrasound-tracking-beacons-making-things-sort-of-creepy-for-consumers)
167 | - 2015.10 [z4ziggy] [Exploring Bluetooth & iBeacons – from software to radio signals and back.](https://z4ziggy.wordpress.com/2015/10/01/exploring-bluetooth-and-ibeacons-from-software-to-radio-signals-and-back/)
168 | - 2015.09 [christophertruncer] [Upgrading Your Shells to Beacons](https://www.christophertruncer.com/upgrade-your-shells-to-beacons/)
169 | - 2015.07 [securitykitten] [Finding Beacons With Bro](http://securitykitten.github.io/finding-beacons-with-bro/)
170 | - 2015.04 [arxiv] [[1504.07192] Location-aware sign-on and key exchange using attribute-based encryption and Bluetooth beacons](https://arxiv.org/abs/1504.07192)
171 | - 2015.01 [securityriskadvisors] [Beaconing Past McAfee ePO](http://securityriskadvisors.com/blog/post/beaconing-past-mcafee-epo/)
172 | - 2014.10 [sans] [CSAM: Be Wary of False Beacons](https://isc.sans.edu/forums/diary/CSAM+Be+Wary+of+False+Beacons/18813/)
173 | - 2014.05 [rsa] [Sality Botnet Beacons Change- How to Detect It](https://community.rsa.com/community/products/netwitness/blog/2014/05/09/sality-botnet-beacons-change-how-to-detect-it)
174 | - 2014.05 [metaflows] [Got Beacons?](https://www.metaflows.com/blog/got-beacons/)
175 | - 2014.02 [rsa] [Detecting the Zusy Botnet Beaconing](https://community.rsa.com/community/products/netwitness/blog/2014/02/20/detecting-the-zusy-botnet-beaconing)
176 | - 2012.12 [arxiv] [[1212.2404] A beaconing approach whith key exchange in vehicular ad hoc networks](https://arxiv.org/abs/1212.2404)
177 | - 2012.10 [toolswatch] [New feature “Beacon” added to Cobalt Strike](http://www.toolswatch.org/2012/10/new-feature-beacon-added-to-cobalt-strike/)
178 | - 2012.07 [talosintelligence] [Banking Trojan Spread Via UPS Phish Uses 0xDEADBEEF Beacon](https://blog.talosintelligence.com/2012/07/banking-trojan-spread-via-ups-phish.html)
179 |
180 |
181 | # Listener
182 |
183 |
184 | ***
185 |
186 |
187 | ## Tools
188 |
189 |
190 | - [**49**Star][20d] [Shell] [taherio/redi](https://github.com/taherio/redi) Automated script for setting up CobaltStrike redirectors (nginx reverse proxy, letsencrypt)
191 |
192 |
193 | # Aggressor Script
194 |
195 |
196 | ***
197 |
198 |
199 | ## Tools
200 |
201 |
202 | - [**758**Star][8m] [C#] [harleyqu1nn/aggressorscripts](https://github.com/harleyqu1nn/aggressorscripts) Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources
203 | - [**378**Star][2y] [bluscreenofjeff/aggressorscripts](https://github.com/bluscreenofjeff/aggressorscripts) Aggressor scripts for use with Cobalt Strike 3.0+
204 | - [**369**Star][18d] [Java] [rsmudge/cortana-scripts](https://github.com/rsmudge/cortana-scripts) A collection of Cortana scripts that you may use with Armitage and Cobalt Strike 2.x. Cortana Scripts are not compatible with Cobalt Strike 3.x. Cobalt Strike 3.x uses a variant of Cortana called Aggressor Script.
205 | - [**252**Star][3y] [PS] [und3rf10w/aggressor-scripts](https://github.com/und3rf10w/aggressor-scripts) Aggressor scripts I've made for Cobalt Strike
206 | - [**215**Star][2y] [C#] [spiderlabs/sharpcompile](https://github.com/spiderlabs/sharpcompile) SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing…
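207 | - [**175**Star][22d] [uknowsec/sharptoolsaggressor](https://github.com/uknowsec/sharptoolsaggressor) Commonly used C# programs for intranet penetration testing, integrated into Cobalt Strike scripts and loaded directly in memory. Continuously updated.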
208 | - [**174**Star][2y] [ramen0x3f/aggressorscripts](https://github.com/ramen0x3f/aggressorscripts) audit your machines or machines you're authorized to audit
209 | - [**144**Star][4m] [PS] [vysecurity/aggressor-vysec](https://github.com/vysecurity/Aggressor-VYSEC) CobaltStrike Aggressor Scripts
210 | - [**126**Star][2y] [zonksec/persistence-aggressor-script](https://github.com/zonksec/persistence-aggressor-script) initial commit
211 | - [**102**Star][2y] [PS] [rhinosecuritylabs/aggressor-scripts](https://github.com/rhinosecuritylabs/aggressor-scripts) Aggregation of Cobalt Strike's aggressor scripts.
212 | - [**101**Star][27d] [001spartan/aggressor_scripts](https://github.com/001spartan/aggressor_scripts) A collection of useful scripts for Cobalt Strike
213 | - [**97**Star][2y] [PS] [rasta-mouse/aggressor-script](https://github.com/rasta-mouse/aggressor-script) Collection of Aggressor Scripts for Cobalt Strike
214 | - [**93**Star][4m] [Py] [fortynorthsecurity/aggressorassessor](https://github.com/fortynorthsecurity/aggressorassessor) Aggressor scripts for phases of a pen test or red team assessment
215 | - [**87**Star][22d] [k8gege/aggressor](https://github.com/k8gege/Aggressor) Ladon for Cobalt Strike, Large Network Penetration Scanner, vulnerability / exploit / detection / MS17010 / password/brute-force
217 | - [**73**Star][27d] [vysecurity/cve-2018-4878](https://github.com/vysecurity/CVE-2018-4878) Aggressor Script to launch IE driveby for CVE-2018-4878
218 | - [**68**Star][2y] [tevora-threat/powerview3-aggressor](https://github.com/tevora-threat/powerview3-aggressor) Cobalt Strike Aggressor script menu for Powerview/SharpView
219 | - [**57**Star][2y] [PS] [invokethreatguy/csasc](https://github.com/invokethreatguy/csasc) Cobalt Strike Aggressor Script Collection
220 | - [**46**Star][4m] [Py] [coalfire-research/vampire](https://github.com/coalfire-research/vampire) Vampire is an aggressor script which integrates with BloodHound to mark nodes as owned.
221 | - [**46**Star][16d] [JS] [threatexpress/aggressor-scripts](https://github.com/threatexpress/aggressor-scripts) Cobalt Strike Aggressor Scripts
222 | - [**43**Star][27d] [tevora-threat/aggressor-powerview](https://github.com/tevora-threat/aggressor-powerview) PowerView menu for Cobalt Strike
223 | - [**39**Star][2y] [secgroundzero/cs-aggressor-scripts](https://github.com/secgroundzero/cs-aggressor-scripts) Aggressor Scripts for Cobalt Strike
224 | - [**30**Star][17d] [mgeeky/cobalt-arsenal](https://github.com/mgeeky/cobalt-arsenal) My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+
225 | - [**25**Star][6m] [scanfsec/cve-2018-15982](https://github.com/scanfsec/cve-2018-15982) Aggressor Script to launch IE driveby for CVE-2018-15982.
226 | - [**22**Star][3y] [PS] [oldb00t/aggressorscripts](https://github.com/oldb00t/aggressorscripts) Cobaltstrike Aggressor Scripts
227 | - [**22**Star][12m] [superdong0/aggressor_mail](https://github.com/superdong0/aggressor_mail) beacon,aggressor-scripts,cna,cobalt-strike,email
228 | - [**18**Star][3m] [mdsecactivebreach/execute-githubassembly-aggressor](https://github.com/mdsecactivebreach/execute-githubassembly-aggressor) Aggressor Script to Execute Assemblies from Github
229 | - [**1**Star][8m] [kingsabri/aggressorscripts](https://github.com/kingsabri/aggressorscripts) A collection of Cobalt Strike aggressor scripts
230 | - [**None**Star][C] [timwhitez/cobalt-strike-aggressor-scripts](https://github.com/timwhitez/cobalt-strike-aggressor-scripts) Cobalt Strike Aggressor plugin pack
231 |
232 |
233 | ***
234 |
235 |
236 | ## Post
237 |
238 |
239 | - 2019.06 [rastamouse] [The Return of Aggressor](https://rastamouse.me/2019/06/the-return-of-aggressor/)
240 | - 2018.07 [tevora] [A SharpView and More Aggressor](https://threat.tevora.com/a-sharpview-and-more-aggressor/)
241 | - 2018.03 [tevora] [Aggressor PowerView](http://threat.tevora.com/aggressor-powerview/)
242 | - 2018.03 [] [Aggressor 101: Unleashing Cobalt Strike for Fun and Profit](https://medium.com/p/879bf22cea31)
243 | - 2016.11 [bluescreenofjeff] [Beaconpire - Cobalt Strike and Empire Interoperability with Aggressor Script](https://bluescreenofjeff.com/2016-11-29-beaconpire-cobalt-strike-and-empire-interoperability-with-aggressor-script/)
244 | - 2016.09 [bluescreenofjeff] [Adding Easy GUIs to Aggressor Scripts](https://bluescreenofjeff.com/2016-09-07-adding-easy-guis-to-aggressor-scripts/)
245 | - 2016.05 [zonksec] [Persistence Aggressor Script](https://zonksec.com/blog/persistence-aggressor-script/)
246 |
247 |
248 | # Recent Add
249 |
250 |
251 | ***
252 |
253 |
254 | ## Tools
255 |
256 |
257 | - [**822**Star][4m] [aleenzz/cobalt_strike_wiki](https://github.com/aleenzz/cobalt_strike_wiki) Cobalt Strike series
258 | - [**409**Star][2y] [Shell] [killswitch-gui/cobaltstrike-toolkit](https://github.com/killswitch-gui/cobaltstrike-toolkit) Some useful scripts for CobaltStrike
259 | - [**398**Star][21d] [Py] [vysecurity/morphhta](https://github.com/vysecurity/morphHTA) morphHTA - Morphing Cobalt Strike's evil.HTA
260 | - [**225**Star][4m] [PS] [outflanknl/excel4-dcom](https://github.com/outflanknl/excel4-dcom) PowerShell and Cobalt Strike scripts for lateral movement using Excel 4.0 / XLM macros via DCOM (direct shellcode injection in Excel.exe)
261 | - [**224**Star][3m] [gloxec/crossc2](https://github.com/gloxec/crossc2) generate CobaltStrike's cross-platform payload
262 | - [**213**Star][18d] [PS] [vysecurity/angrypuppy](https://github.com/vysecurity/ANGRYPUPPY) Bloodhound Attack Path Automation in CobaltStrike
263 | - [**193**Star][4m] [PS] [phink-team/cobaltstrike-ms17-010](https://github.com/phink-team/cobaltstrike-ms17-010) cobaltstrike ms17-010 module and some other
264 | - [**190**Star][17d] [Py] [threatexpress/cs2modrewrite](https://github.com/threatexpress/cs2modrewrite) Convert Cobalt Strike profiles to modrewrite scripts
265 | - [**150**Star][22d] [C#] [josephkingstone/cobalt_strike_extension_kit](https://github.com/josephkingstone/cobalt_strike_extension_kit) Tired of typing execute-assembly everytime you use Cobalt Strike? Clone this.
266 | - [**117**Star][5m] [Py] [verctor/cs_xor64](https://github.com/verctor/cs_xor64) Completion project for cobaltstrike xor64.bin
267 | - [**115**Star][2y] [ridter/cs_chinese_support](https://github.com/ridter/cs_chinese_support) Cobalt Strike modification that adds support for displaying Chinese output.
268 | - [**110**Star][18d] [fox-it/cobaltstrike-extraneous-space](https://github.com/fox-it/cobaltstrike-extraneous-space) Historical list of {Cobalt Strike,NanoHTTPD} servers
269 | - [**101**Star][3y] [Py] [mr-un1k0d3r/sct-obfuscator](https://github.com/mr-un1k0d3r/sct-obfuscator) Cobalt Strike SCT payload obfuscator
270 | - [**91**Star][4m] [0xthirteen/staykit](https://github.com/0xthirteen/staykit) Cobalt Strike kit for Persistence
271 | - [**89**Star][5m] [C#] [jnqpblc/sharpspray](https://github.com/jnqpblc/sharpspray) SharpSpray a simple code set to perform a password spraying attack against all users of a domain using LDAP and is compatible with Cobalt Strike.
272 | - [**89**Star][17d] [Py] [k8gege/scrun](https://github.com/k8gege/scrun) BypassAV ShellCode Loader (Cobaltstrike/Metasploit)
273 | - [**88**Star][1y] [Py] [dcsync/pycobalt](https://github.com/dcsync/pycobalt) Cobalt Strike API, Python version
274 | - [**87**Star][1m] [Py] [ryanohoro/csbruter](https://github.com/ryanohoro/csbruter) Cobalt Strike team server password brute force tool
275 | - [**82**Star][2y] [java] [anbai-inc/cobaltstrike_hanization](https://github.com/anbai-inc/cobaltstrike_hanization) Chinese-localized version of CobaltStrike 2.5
276 | - [**73**Star][4m] [C#] [0xthirteen/movekit](https://github.com/0xthirteen/movekit) Cobalt Strike kit for Lateral Movement
277 | - [**56**Star][4m] [1135/1135-cobaltstrike-toolkit](https://github.com/1135/1135-cobaltstrike-toolkit) about CobaltStrike
278 | - [**51**Star][3y] [p292/ddeautocs](https://github.com/p292/ddeautocs) A cobaltstrike script that integrates DDEAuto Attacks
279 | - [**45**Star][4m] [C#] [jnqpblc/sharptask](https://github.com/jnqpblc/sharptask) SharpTask is a simple code set to interact with the Task Scheduler service api and is compatible with Cobalt Strike.
280 | - [**45**Star][28d] [vysecurity/cobaltsplunk](https://github.com/vysecurity/CobaltSplunk) Splunk Dashboard for CobaltStrike logs
281 | - [**41**Star][3y] [Go] [empty-nest/emptynest](https://github.com/empty-nest/emptynest) a plugin based C2 server framework
282 | - [**33**Star][3m] [tom4t0/cobalt-strike-persistence](https://github.com/tom4t0/cobalt-strike-persistence) Cobalt Strike auto-start script
283 | - [**30**Star][5m] [C#] [mr-un1k0d3r/remoteprocessinjection](https://github.com/mr-un1k0d3r/remoteprocessinjection) C# remote process injection utility for Cobalt Strike
284 | - [**29**Star][6m] [redteamwing/cobaltstrike_wiki](https://github.com/redteamwing/cobaltstrike_wiki) Cobalt Strike 3.12 documentation in Chinese
285 | - [**27**Star][2m] [johnnydep/cobaltstrike](https://github.com/johnnydep/cobaltstrike) cobalt strike stuff I have gathered from around github
286 | - [**24**Star][21d] [HTML] [ridter/cs_custom_404](https://github.com/ridter/cs_custom_404) Cobalt strike custom 404 page
287 | - [**22**Star][5m] [Py] [k8gege/pyladon](https://github.com/k8gege/pyladon) Ladon For Python, Large Network Penetration Scanner & Cobalt Strike, vulnerability / exploit / detection / MS17010
288 | - [**19**Star][2m] [icebearfriend/quickrundown](https://github.com/icebearfriend/quickrundown) Smart overlay for Cobalt Strike PS function
289 | - [**17**Star][4m] [Py] [attactics/cslogwatch](https://github.com/attactics/cslogwatch) Cobalt Strike log state tracking, parsing, and storage
290 | - [**14**Star][2m] [TS] [hattmo/c2profilejs](https://github.com/hattmo/c2profilejs) Web UI for creating C2 profiles for Cobalt Strike
291 | - [**9**Star][2y] [Zeek] [sjosz/cnc-detection](https://github.com/sjosz/cnc-detection) Detecting PowerShell Empire, Metasploit Meterpreter and Cobalt Strike agents by payload size sequence analysis and host correlation
292 | - [**3**Star][3m] [Shell] [war-horse/docker-cobaltstrike](https://github.com/war-horse/docker-cobaltstrike) A Cobaltstrike container, built for Warhorse
293 | - [**None**Star][C++] [outflanknl/spray-ad](https://github.com/outflanknl/spray-ad) A Cobalt Strike tool to audit Active Directory user accounts for weak, well known or easy guessable passwords.
294 | - [**None**Star][hack2fun/bypassav](https://github.com/hack2fun/bypassav) Cobalt Strike plugin for quickly generating AV-evading executables
295 | - [**None**Star][PS] [k8gege/powerladon](https://github.com/k8gege/powerladon) Large Network Penetration Scanner & Cobalt Strike, Ladon for PowerShell, vulnerability / exploit / detection / MS17010
296 |
297 |
298 | ***
299 |
300 |
301 | ## Post
302 |
303 |
304 | - 2020.04 [securelist] [Loncom packer: from backdoors to Cobalt Strike](https://securelist.com/loncom-packer-from-backdoors-to-cobalt-strike/96465/)
305 | - 2020.03 [cobaltstrike] [Cobalt Strike joins Core Impact at HelpSystems, LLC](https://blog.cobaltstrike.com/2020/03/04/cobalt-strike-joins-core-impact-at-helpsystems-llc/)
306 | - 2020.01 [malware] [2020-01-21 - HANCITOR INFECTION WITH COBALT STRIKE](http://malware-traffic-analysis.net/2020/01/21/index2.html)
307 | - 2019.12 [malware] [2019-12-10 - DATA DUMP: HANCITOR INFECTION WITH URSNIF AND COBALT STRIKE](http://malware-traffic-analysis.net/2019/12/10/index.html)
308 | - 2019.12 [cobaltstrike] [Cobalt Strike 4.0 – Bring Your Own Weaponization](https://blog.cobaltstrike.com/2019/12/05/cobalt-strike-4-0-bring-your-own-weaponization/)
309 | - 2019.11 [ColinHardy] [Excel 4.0 Macros Analysis - Cobalt Strike Shellcode Injection](https://www.youtube.com/watch?v=XnN_UWfHlNM)
310 | - 2019.11 [ironcastle] [Hancitor infection with Pony, Evil Pony, Ursnif, and Cobalt Strike, (Wed, Nov 20th)](https://www.ironcastle.net/hancitor-infection-with-pony-evil-pony-ursnif-and-cobalt-strike-wed-nov-20th/)
311 | - 2019.08 [cobaltstrike] [Cobalt Strike’s Process Injection: The Details](https://blog.cobaltstrike.com/2019/08/21/cobalt-strikes-process-injection-the-details/)
312 | - 2019.08 [blackhillsinfosec] [Using CloudFront to Relay Cobalt Strike Traffic](https://www.blackhillsinfosec.com/using-cloudfront-to-relay-cobalt-strike-traffic/)
313 | - 2019.07 [malware] [2019-07-22 - HANCITOR-STYLE AMADEY MALSPAM PUSHES PONY & COBALT STRIKE](http://malware-traffic-analysis.net/2019/07/25/index.html)
314 | - 2019.07 [malware] [2019-07-22 - HANCITOR SWITCHES TO AMADEY, STILL PUSHING PONY/URSNIF/COBALT STRIKE](http://malware-traffic-analysis.net/2019/07/22/index.html)
315 | - 2019.07 [malware] [2019-07-03 - QUICK POST: HANCITOR INFECTION WITH COBALT STRIKE](http://malware-traffic-analysis.net/2019/07/03/index.html)
316 | - 2019.07 [malware] [2019-07-02 - QUICK POST: HANCITOR INFECTION WITH COBALT STRIKE](http://malware-traffic-analysis.net/2019/07/02/index2.html)
317 | - 2019.05 [rsa] [Detecting Command and Control in RSA NetWitness: Cobalt Strike](https://community.rsa.com/community/products/netwitness/blog/2019/05/28/detecting-command-and-control-in-rsa-netwitness-cobalt-strike)
318 | - 2019.05 [cobaltstrike] [Cobalt Strike 3.14 – Post-Ex Omakase Shimasu](https://blog.cobaltstrike.com/2019/05/02/cobalt-strike-3-14-post-ex-omakase-shimasu/)
319 | - 2019.04 [pentestpartners] [Cobalt Strike. Walkthrough for Red Teamers](https://www.pentestpartners.com/security-blog/cobalt-strike-walkthrough-for-red-teamers/)
320 | - 2019.02 [obscuritylabs] [Installing CobaltStrike on Ubuntu 18.04](https://obscuritylabs.com/blog/2019/02/23/installing-cobaltstrike-on-ubuntu-18-04/)
321 | - 2019.02 [obscuritylabs] [Installing CobaltStrike on Ubuntu 18.04](https://blog.obscuritylabs.com/install/)
322 | - 2019.01 [xpnsec] [How to Argue like Cobalt Strike](https://blog.xpnsec.com/how-to-argue-like-cobalt-strike/)
323 | - 2019.01 [cobaltstrike] [Cobalt Strike 3.13 – Why do we argue?](https://blog.cobaltstrike.com/2019/01/02/cobalt-strike-3-13-why-do-we-argue/)
324 | - 2018.11 [olafhartong] [Cobalt Strike Remote Threads detection](https://medium.com/p/206372d11d0f)
325 | - 2018.09 [crowdstrike] [Meet CrowdStrike’s Adversary of the Month for September: COBALT SPIDER](https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-september-cobalt-spider/)
326 | - 2018.09 [cobaltstrike] [Cobalt Strike 3.12 – Blink and you’ll miss it](https://blog.cobaltstrike.com/2018/09/06/cobalt-strike-3-12-blink-and-youll-miss-it/)
327 | - 2018.07 [f] [Bypassing Memory Scanners with Cobalt Strike and Gargoyle](https://labs.f-secure.com/blog/experimenting-bypassing-memory-scanners-with-cobalt-strike-and-gargoyle/)
328 | - 2018.07 [mwrinfosecurity] [Bypassing Memory Scanners with Cobalt Strike and Gargoyle](https://labs.mwrinfosecurity.com/blog/experimenting-bypassing-memory-scanners-with-cobalt-strike-and-gargoyle/)
329 | - 2018.04 [cobaltstrike] [Cobalt Strike 3.11 – The snake that eats its tail](https://blog.cobaltstrike.com/2018/04/09/cobalt-strike-3-11-the-snake-that-eats-its-tail/)
330 | - 2018.03 [] [Cobalt Strike Visualizations](https://medium.com/p/e6a6e841e16b)
331 | - 2018.03 [offensiveops] [Cobalt Strike – Bypassing Windows Defender with Obfuscation](http://www.offensiveops.io/tools/cobalt-strike-bypassing-windows-defender-with-obfuscation/)
332 | - 2018.01 [bluescreenofjeff] [Cobalt Strike OPSEC Profiles](https://bluescreenofjeff.com/2018-01-23-cobalt-strike-opsec-profiles/)
333 | - 2017.12 [cobaltstrike] [Cobalt Strike 3.10 – Хакер vs. 肉雞](https://blog.cobaltstrike.com/2017/12/11/cobalt-strike-3-10-%d1%85%d0%b0%d0%ba%d0%b5%d1%80-vs-%e8%82%89%e9%9b%9e/)
334 | - 2017.12 [threatexpress] [Slack Notifications for Cobalt Strike](http://threatexpress.com/blogs/2016/slack-notifications-for-cobalt-strike/)
335 | - 2017.12 [blackhillsinfosec] [A Morning with Cobalt Strike & Symantec](https://www.blackhillsinfosec.com/morning-cobalt-strike-symantec/)
336 | - 2017.11 [riskiq] [Gaffe Reveals Full List of Targets in Spear Phishing Attack Using Cobalt Strike Against Financial Institutions](https://www.riskiq.com/blog/labs/cobalt-strike/)
337 | - 2017.11 [fortinet] [Cobalt Malware Strikes Using CVE-2017-11882 RTF Vulnerability](https://blog.fortinet.com/2017/11/27/cobalt-malware-strikes-using-cve-2017-11882-rtf-vulnerability)
338 | - 2017.11 [fortinet] [Cobalt Malware Strikes Using CVE-2017-11882 RTF Vulnerability](https://www.fortinet.com/blog/threat-research/cobalt-malware-strikes-using-cve-2017-11882-rtf-vulnerability.html)
339 | - 2017.11 [trendmicro] [Cobalt Strikes Again: Spam Runs Use Macros and CVE-2017-8759 Exploit Against Russian Banks](https://blog.trendmicro.com/trendlabs-security-intelligence/cobalt-spam-runs-use-macros-cve-2017-8759-exploit/)
340 | - 2017.09 [rsa] [Malspam delivers Cobalt Strike payload 9-19-2017](https://community.rsa.com/community/products/netwitness/blog/2017/09/25/malspam-delivers-cobalt-strike-payload-9-19-2017)
341 | - 2017.09 [mwrinfosecurity] [“Tasking” Office 365 for Cobalt Strike C2](https://labs.mwrinfosecurity.com/blog/tasking-office-365-for-cobalt-strike-c2/)
342 | - 2017.09 [cobaltstrike] [Cobalt Strike 3.9 – Livin’ in a Stager’s Paradise](https://blog.cobaltstrike.com/2017/09/20/cobalt-strike-3-9-livin-in-a-stagers-paradise/)
343 | - 2017.06 [vkremez] [Let's Learn (DIY): Sophisticated Cobalt Strike Gang's CVE-2017-0199 Loader](https://www.vkremez.com/2017/06/lets-learn-diy-sophisticated-cobalt.html)
344 | - 2017.05 [cobaltstrike] [Cobalt Strike 3.8 – Who’s Your Daddy?](https://blog.cobaltstrike.com/2017/05/23/cobalt-strike-3-8-whos-your-daddy/)
345 | - 2017.04 [ecforce] [CVE-2017-0199 exploitation with Cobalt Strike tutorial](https://www.secforce.com/blog/2017/04/cve-2017-0199-exploitation-with-cobalt-strike-tutorial/)
346 | - 2017.04 [trustedsec] [Equation Group Dump Analysis and Full RCE on Win7 on MS17-010 with Cobalt Strike](https://www.trustedsec.com/2017/04/equation-group-dump-analysis-full-rce-win7-fully-patched-cobalt-strike/)
347 | - 2017.03 [cobaltstrike] [Cobalt Strike 3.7 – Cat, Meet Mouse](https://blog.cobaltstrike.com/2017/03/15/cobalt-strike-3-7-cat-meet-mouse/)
348 | - 2017.02 [zairon] [From RTF to Cobalt Strike passing via Flash](https://zairon.wordpress.com/2017/02/05/from-rtf-to-cobalt-strike-passing-via-flash/)
349 | - 2017.01 [inspired] [WMI Persistence with Cobalt Strike](https://blog.inspired-sec.com/archive/2017/01/20/WMI-Persistence.html)
350 | - 2016.12 [cobaltstrike] [Cobalt Strike 3.6 – A Path for Privilege Escalation](https://blog.cobaltstrike.com/2016/12/08/cobalt-strike-3-6-a-path-for-privilege-escalation/)
351 | - 2016.12 [threatexpress] [Slack Notifications for Cobalt Strike](http://threatexpress.com/2016/12/slack-notifications-for-cobalt-strike/)
352 | - 2016.10 [cobaltstrike] [Cobalt Strike Tapas II](https://blog.cobaltstrike.com/2016/10/19/cobalt-strike-tapas-ii/)
353 | - 2016.10 [cobaltstrike] [Cobalt Strike 3.5.1 – Important Security Update](https://blog.cobaltstrike.com/2016/10/03/cobalt-strike-3-5-1-important-security-update/)
354 | - 2016.09 [cobaltstrike] [Cobalt Strike RCE. Active Exploitation Reported.](https://blog.cobaltstrike.com/2016/09/28/cobalt-strike-rce-active-exploitation-reported/)
355 | - 2016.09 [cobaltstrike] [Cobalt Strike 3.5 – UNIX Post Exploitation](https://blog.cobaltstrike.com/2016/09/22/cobalt-strike-3-5-unix-post-exploitation/)
356 | - 2016.09 [cobaltstrike] [Cobalt Strike Tapas](https://blog.cobaltstrike.com/2016/09/16/cobalt-strike-tapas/)
357 | - 2016.07 [cobaltstrike] [Cobalt Strike 3.4 – Operational Details](https://blog.cobaltstrike.com/2016/07/29/cobalt-strike-3-4-operational-details/)
358 | - 2016.07 [cobaltstrike] [HOWTO: Reset Your Cobalt Strike License Key](https://blog.cobaltstrike.com/2016/07/15/howto-reset-your-cobalt-strike-license-key/)
359 | - 2016.06 [bluescreenofjeff] [Cobalt Strike HTTP C2 Redirectors with Apache mod_rewrite](https://bluescreenofjeff.com/2016-06-28-cobalt-strike-http-c2-redirectors-with-apache-mod_rewrite/)
360 | - 2014.01 [security] [Four Days with Cortana Script Engine - Cobalt Strike/Armitage](http://security-is-just-an-illusion.blogspot.com/2014/01/four-days-with-cortana-script-engine.html)
361 | - 2013.12 [security] [Three Days with Cortana Script Engine - Cobalt Strike/Armitage](http://security-is-just-an-illusion.blogspot.com/2013/11/two-days-with-cortana-script-engine.html)
362 | - 2013.12 [security] [Cobalt Strike Report Hosts *Mod*](http://security-is-just-an-illusion.blogspot.com/2013/12/cobalt-strike-report-hosts-mod.html)
363 | - 2013.12 [security] [Two Days with Cortana Script Engine - Cobalt Strike/Armitage](http://security-is-just-an-illusion.blogspot.com/2013/12/two-days-with-cortana-script-engine.html)
364 | - 2013.12 [security] [One Day with Cortana Script Engine - Cobalt Strike/Armitage](http://security-is-just-an-illusion.blogspot.com/2013/11/one-day-with-cortana-script-engine.html)
365 | - 2012.08 [toolswatch] [Blackhat USA 2012: Interview with Raphael Mudge about Armitage (Also Introducing CobaltStrike)](http://www.toolswatch.org/2012/08/blackhat-usa-2012-interview-with-raphael-mudge-about-armitage-also-introducing-cobaltstrike/)
366 |
367 |
368 | # Contribute
369 | Contents are auto-exported by our system; please raise an issue if you have any questions.
--------------------------------------------------------------------------------