Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources
 
 
 
Go to file
Harley Lebeau 5fa2d5f1e9 Update README.md 2017-09-01 13:25:36 -04:00
Logging Update README.md 2017-09-01 13:25:13 -04:00
Persistence Added Sample WQL Queries and Payload example 2017-08-13 13:40:09 -04:00
AVQuery.cna Update AVQuery.cna 2017-07-16 15:47:56 -04:00
All_In_One.cna Update All_In_One.cna 2017-05-20 04:08:18 -04:00
ArtifactPayloadGenerator.cna Automatic Artifact Payload Generator 2017-07-06 12:30:46 -04:00
CertUtilWebDelivery.cna CertUtil Web Delivery 2017-09-01 13:11:26 -04:00
README.md Update README.md 2017-09-01 13:25:36 -04:00

README.md

Aggressor Scripts

Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources

  • All_In_One.cna v1

    • All purpose script to enhance the user's experience with cobaltstrike. Custom menu creation, Logging, Persistence, Enumeration, and 3rd party script integration.
    • Thanks to @rsmudge, @enigma0x3, @harmj0y, PowerShell Mafia folks, Nathan Wray, @Und3rFl0w, @oldb00t, bluescreenofjeff for all the help and code snippets.
    • Script must reside in /opt/cobaltstrike/ directory. (Location can be changed inside the script)

All_In_One.cna Dependencies:

Parent Folder/Files: 
    /opt/cobaltstrike/All_In_One.cna
    /opt/cobaltstrike/av_hips_executables.txt 
    /opt/cobaltstrike/logs.py
Sub Folders: 
    /opt/cobaltstrike/scripts/
    /opt/cobaltstrike/Payloads/
    /opt/cobaltstrike/modules/
Elevate Kit (Licensed Users Only)
  • ArtifactPayloadGenerator.cna

    • Generates every type of Stageless/Staged Payload based off a HTTP/HTTPS Listener

    • Creates /opt/cobaltstrike/Staged_Payloads, /opt/cobaltstrike/Stageless_Payloads

  • AVQuery.cna

    • Queries the Registry with powershell for all AV Installed on the target

    • Quick and easy way to get the AV you are dealing with as an attacker

    av