Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources
 
 
 
Harley Lebeau 12b0fc54a3
Rename bitsadmin.cna to Bitsadmin.cna
2018-05-14 18:02:16 -06:00
Logging Added Newer Symantec processes 2017-11-07 12:13:51 -07:00
Persistence Rename bitsadmin.cna to Bitsadmin.cna 2018-05-14 18:02:16 -06:00
AVQuery.cna Fixed line 21 errors and added a pause for execution 2018-03-15 13:28:22 -06:00
All_In_One.cna Remaking this completely, keep an eye out for v2 :) 2018-02-09 12:22:10 -07:00
ArtifactPayloadGenerator.cna Automatic Artifact Payload Generator 2017-07-06 12:30:46 -04:00
CertUtilWebDelivery.cna Updated script to use PowerPick thanks @424f424f! 2017-09-01 23:05:08 -04:00
EDR.cna Added Carbon Black Protect. Thanks @Senas23 2018-03-15 13:45:18 -06:00
ProcessColor.cna Thanks to @oldb00t for original version 2017-12-04 16:53:32 -07:00
ProcessMonitor.cna Add files via upload 2017-10-12 14:58:27 -06:00
ProcessMonitor.ps1 Add files via upload 2017-10-12 14:58:27 -06:00
README.md Update README.md 2018-02-09 12:24:55 -07:00
RedTeamRepo.cna Update RedTeamRepo.cna 2017-09-04 05:40:51 -04:00
logvis.cna Added in real time updating 2018-03-22 21:00:04 -06:00

README.md

Aggressor Scripts

Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources

  • All_In_One.cna v1 - Removed and outdated

    • All-purpose script to enhance the user's experience with Cobalt Strike. Custom menu creation, logging, persistence, enumeration, and 3rd-party script integration.
    • Version 2 is currently in development!
  • ArtifactPayloadGenerator.cna

    • Generates every type of stageless/staged payload based on an HTTP/HTTPS listener

    • Creates /opt/cobaltstrike/Staged_Payloads, /opt/cobaltstrike/Stageless_Payloads

  • AVQuery.cna

    • Queries the registry with PowerShell for all AV installed on the target

    • Quick and easy way to get the AV you are dealing with as an attacker


  • CertUtilWebDelivery.cna

    • Stageless Web Delivery using CertUtil.exe

    • PowerPick is used to spawn certutil.exe to download the stageless payload on the target and execute it with rundll32.exe


  • RedTeamRepo.cna

    • A common collection of OS commands and Red Team tips for when you have no Google or RTFM on hand.

    • The script will be updated on occasion; feedback and more input are welcome!


  • ProcessColor.cna
