Cobalt Strike Sleep Python Bridge

This project started after seeing how the user community tweaks and tunes Cobalt Strike. I was inspired by @BinaryFaultline and @Mcgigglez16 in their project https://github.com/emcghee/PayloadAutomation and blog post http://blog.redxorblue.com/2021/06/introducing-striker-and-payload.html. They created a clever way to interact with a teamserver without the GUI. Before I get too far, I’ll touch on Aggressor scripting and the Sleep […]

Read More… from Cobalt Strike Sleep Python Bridge

Introducing Mimikatz Kit

You can now update Mimikatz between Cobalt Strike releases. Updates will periodically be made available to licensed users via the Arsenal as the Mimikatz Kit. Usage: Download and extract the .tgz from the Arsenal (Note: The version uses the Mimikatz release version naming (i.e., 2.2.0.20210724) Load the mimikatz.cna aggressor script Use mimikatz functions as normal […]

Read More… from Introducing Mimikatz Kit

CredBandit (In memory BOF MiniDump) – Tool review – Part 1

One of the things I find fascinating about being on the Cobalt Strike team is the community. It is amazing to see how people overcome unique challenges and push the tool in directions never considered. I want explore this with CredBandit (https://github.com/xforcered/CredBandit). This tool has had updates since I started exploring. I’m specifically, looking at […]

Read More… from CredBandit (In memory BOF MiniDump) – Tool review – Part 1

New home for Cobalt Strike malleable c2 profiles and scripts

The Cobalt Strike references (malleable c2 profiles, scripts, Elevate Kit, etc.) have been consolidated under a new GitHub account. https://github.com/cobalt-strike We understand that many blog posts (and even our documentation) have references to the original links. The original links will be available for the time being but may not be in the future. Update your […]

Read More… from New home for Cobalt Strike malleable c2 profiles and scripts

Create listeners with an aggressor script – listener_create_ext

This short post is a follow up to the post “Manage Cobalt Strike with Services” where I described a method to automate Cobalt Strike teamservers by creating services. In this post, I will take a closer look at the aggressor function that is used to create listeners listener_create_ext to expanded on the documentation and provide an […]

Read More… from Create listeners with an aggressor script – listener_create_ext

Scripting Matt Nelson’s MMC20.Application Lateral Movement Technique

This is a short blog post with a long title. A few weeks ago, Matt Nelson published Lateral Movement Using the MMC20.APPLICATION COM Object (there’s a Part 2 as well!). The post documents an option, beyond the usual suspects (e.g., services, scheduled tasks, wmi, etc.), to ask a remote system to run a process for […]

Read More… from Scripting Matt Nelson’s MMC20.Application Lateral Movement Technique