This project started after seeing how the user community tweaks and tunes Cobalt Strike. I was inspired by @BinaryFaultline and @Mcgigglez16 in their project https://github.com/emcghee/PayloadAutomation and blog post http://blog.redxorblue.com/2021/06/introducing-striker-and-payload.html. They created a clever way to interact with a teamserver without the GUI. Before I get too far, I’ll touch on Aggressor scripting and the Sleep […]
Cornerstone: Scripting
Introducing Mimikatz Kit
You can now update Mimikatz between Cobalt Strike releases. Updates will periodically be made available to licensed users via the Arsenal as the Mimikatz Kit. Usage: Download and extract the .tgz from the Arsenal (Note: The version uses the Mimikatz release version naming, i.e., 2.2.0.20210724). Load the mimikatz.cna aggressor script. Use mimikatz functions as normal […]
CredBandit (In memory BOF MiniDump) – Tool review – Part 1
One of the things I find fascinating about being on the Cobalt Strike team is the community. It is amazing to see how people overcome unique challenges and push the tool in directions never considered. I want to explore this with CredBandit (https://github.com/xforcered/CredBandit). This tool has had updates since I started exploring. I’m specifically looking at […]
New home for Cobalt Strike malleable c2 profiles and scripts
The Cobalt Strike references (malleable c2 profiles, scripts, Elevate Kit, etc.) have been consolidated under a new GitHub account. https://github.com/cobalt-strike We understand that many blog posts (and even our documentation) have references to the original links. The original links will be available for the time being but may not be in the future. Update your […]
Create listeners with an aggressor script – listener_create_ext
This short post is a follow-up to the post “Manage Cobalt Strike with Services” where I described a method to automate Cobalt Strike teamservers by creating services. In this post, I will take a closer look at the aggressor function that is used to create listeners, listener_create_ext, to expand on the documentation and provide an […]
Manage Cobalt Strike with Services
This post is part of a “Quality of Life” series, where tips and tricks will be shared to make using Cobalt Strike easier. Cobalt Strike is a post-exploitation framework and requires customization to meet your specific needs. This flexibility is one of the most powerful features of Cobalt Strike. While this is great, some may […]
Kits, Profiles, and Scripts… Oh my!
If I had to describe Cobalt Strike in one word, I’d say ‘flexible’. There are a lot of options to control Cobalt Strike’s features and indicators. In this post, I’ll introduce these options, explain the rationale for each, and point you to resources to explore them further. Aggressor Script Aggressor Script is Cobalt Strike’s built-in […]
Scripting Matt Nelson’s MMC20.Application Lateral Movement Technique
This is a short blog post with a long title. A few weeks ago, Matt Nelson published Lateral Movement Using the MMC20.APPLICATION COM Object (there’s a Part 2 as well!). The post documents an option, beyond the usual suspects (e.g., services, scheduled tasks, wmi, etc.), to ask a remote system to run a process for […]
Gettin’ Down with Aggressor Script
Aggressor Script is the scripting engine in Cobalt Strike 3.0 and later. As much as possible, I tried to make Cobalt Strike’s scripting feel like the scripting you would find in a modern IRC client. In this post, I’d like to take you through some resources and third-party examples to help you become familiar with […]
Aggressor Script’s Secret mIRC Scripting Past
Aggressor Script is the scripting engine in Cobalt Strike 3.0 and later. If you want to learn more about it, I recommend reading the documentation. In this blog post, I’ll provide some history around Aggressor Script so you can better understand it and where it comes from. The mIRC Factor mIRC is a popular client for […]