Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.
Awesome Lists | Featured Topics | Projects
https://github.com/alphaSeclab/cobalt-strike

Resources About Cobalt Strike. 100+ Tools And 200+ Posts.
https://github.com/alphaSeclab/cobalt-strike
aggressor-script cobalt-strike cs-beacon cs-listener cs-redirector external-c2 malleable-c2
Last synced: 3 months ago
JSON representation
Resources About Cobalt Strike. 100+ Tools And 200+ Posts.
Host: GitHub
URL: https://github.com/alphaSeclab/cobalt-strike
Owner: alphaSeclab
Created: 2020-05-31T01:53:52.000Z (over 4 years ago)
Default Branch: master
Last Pushed: 2020-05-31T01:57:01.000Z (over 4 years ago)
Last Synced: 2024-06-27T10:36:49.024Z (4 months ago)
Topics: aggressor-script, cobalt-strike, cs-beacon, cs-listener, cs-redirector, external-c2, malleable-c2
Size: 29.3 KB
Stars: 238
Watchers: 20
Forks: 83
Open Issues: 0
Metadata Files:
- Readme: Readme.md
- Changelog: history/CobaltStrike_20200531095202.json
Awesome Lists containing this project

awesome-hacking-lists - alphaSeclab/cobalt-strike - Resources About Cobalt Strike. 100+ Tools And 200+ Posts. (Others)
README

        # [所有收集类项目](https://github.com/alphaSeclab/all-my-collection-repos)

# CobaltStrike

- 跟Cobalt Strike相关资料, 包括100+工具和200+文章

- [English Version](https://github.com/alphaSeclab/cobalt-strike/blob/master/Readme_en.md)

# 目录

- [External C2](#354ab7654ce3b7c2bdaadd4b8cec655a) ->  [(9)工具](#f68ecdb8fb6ad2a853974daa90aed75d) [(10)文章](#3f8322b76fd5bf27bcced5676ecb23cb)

- [Malleable C2](#3c7575eb27204dbf1ed80f96706c2967) ->  [(6)工具](#61838d4bce2285c7772b309c7bf77300) [(10)文章](#803659291490cf303d14af45bfededa8)

- [Beacon](#403f0531bfef73b0950ebb204f8c943c) ->  [(24)工具](#d3f40c082e959ea8eb4972d192491986) [(63)文章](#9d08b2a4104484ddea919603692e4efd)

- [Listener](#3e1518acb4f724d940248244d90c84d3) ->  [(1)工具](#5a709999cb246f31f15954a28e510804)

- [Aggressor Script](#a9814deb7dba1a899218c27971bb0143) ->  [(29)工具](#57402818113a06fa8c16d023ce6fae05) [(8)文章](#bbf6ba0a11dd2a6e0f86469609796fe7)

- [新添加](#bbe1c2fab620850440dbdc9cafad4280) ->  [(39)工具](#cfa38dd2bfe0bd0fa27d73e7bd2e12f6) [(117)文章](#6368df4dcd53ad109982557bf1062b9d)

# External C2

***

## 工具

- [**325**星][2y] [C#] [spiderlabs/dohc2](https://github.com/spiderlabs/dohc2) DoHC2 allows the ExternalC2 library from Ryan Hanson (

- [**222**星][23d] [PS] [qax-a-team/cobaltstrike-toolset](https://github.com/QAX-A-Team/CobaltStrike-Toolset) Aggressor Script, Kits, Malleable C2 Profiles, External C2 and so on

- [**188**星][3y] [C#] [ryhanson/externalc2](https://github.com/ryhanson/externalc2) A library for integrating communication channels with the Cobalt Strike External C2 server

- [**150**星][26d] [Py] [und3rf10w/external_c2_framework](https://github.com/und3rf10w/external_c2_framework) Python api for usage with cobalt strike's External C2 specification

- [**140**星][1m] [C++] [xorrior/raven](https://github.com/xorrior/raven) CobaltStrike External C2 for Websockets

- [**76**星][30d] [C] [outflanknl/external_c2](https://github.com/outflanknl/external_c2) POC for Cobalt Strike external C2

- [**58**星][1y] [C#] [mdsecactivebreach/browser-externalc2](https://github.com/mdsecactivebreach/browser-externalc2) External C2 Using IE COM Objects

- [**58**星][2m] [Py] [truneski/external_c2_framework](https://github.com/truneski/external_c2_framework) Python api for usage with cobalt strike's External C2 specification

- [**37**星][3m] [Go] [lz1y/gecc](https://github.com/lz1y/gecc) Cobalt Strike - Go External C2 Client

***

## 文章

- 2019.12 [talosintelligence] [WAGO PFC200 iocheckd service "I/O-Check" external tool information exposure vulnerability](https://talosintelligence.com/vulnerability_reports/TALOS-2019-0862)

- 2019.10 [aliyun] [Cobalt Strike 的 ExternalC2](https://xz.aliyun.com/t/6565)

- 2019.03 [4hou] [恶意软件如何将External C2和IE COM对象用于命令和控制](https://www.4hou.com/technology/16215.html)

- 2019.03 [aliyun] [探索CobaltStrike的External C2框架](https://xz.aliyun.com/t/4220)

- 2019.02 [mdsec] [External C2, IE COM Objects and how to use them for Command and Control](https://www.mdsec.co.uk/2019/02/external-c2-ie-com-objects-and-how-to-use-them-for-command-and-control/)

- 2018.04 [360] [一起探索Cobalt Strike的ExternalC2框架](https://www.anquanke.com/post/id/103395/)

- 2018.04 [aliyun] [深入探索Cobalt Strike的ExternalC2框架](https://xz.aliyun.com/t/2239)

- 2018.03 [xpnsec] [探索Cobalt Strike与C&C通信的ExternalC2框架/通信规范](https://blog.xpnsec.com/exploring-cobalt-strikes-externalc2-framework/)

- 2017.10 [360] [Cobalt Strike的特殊功能（external_C2）探究](https://www.anquanke.com/post/id/86980/)

- 2013.10 [colinpoflynn] [PLIP DEC2013: Hardware Co-Sim with External Hardware (Serial Port)](https://www.youtube.com/watch?v=g8z5UtcuNyE)

# Malleable C2

***

## 工具

- [**462**星][2y] [rsmudge/malleable-c2-profiles](https://github.com/rsmudge/malleable-c2-profiles) Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x.

- [**217**星][2y] [Py] [bluscreenofjeff/malleable-c2-randomizer](https://github.com/bluscreenofjeff/malleable-c2-randomizer) A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls

- [**205**星][23d] [threatexpress/malleable-c2](https://github.com/threatexpress/malleable-c2) Cobalt Strike Malleable C2 Design and Reference Guide

- [**105**星][9m] [xx0hcd/malleable-c2-profiles](https://github.com/xx0hcd/malleable-c2-profiles) Cobalt Strike - Malleable C2 Profiles. A collection of profiles used in different projects using Cobalt Strike

- [**41**星][3y] [bluscreenofjeff/malleablec2profiles](https://github.com/bluscreenofjeff/malleablec2profiles) Malleable C2 profiles for Cobalt Strike

- [**None**星][Py] [fortynorthsecurity/c2concealer](https://github.com/fortynorthsecurity/c2concealer) C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.

***

## 文章

- 2018.12 [freebuf] [关于Cobalt Strike的Malleable-C2-Profiles浅析](https://www.freebuf.com/articles/rookie/189948.html)

- 2018.09 [aliyun] [【翻译】深入研究cobalt strike malleable C2配置文件](https://xz.aliyun.com/t/2796)

- 2018.09 [specterops] [A Deep Dive into Cobalt Strike Malleable C2](https://medium.com/p/6660e33b0e0b)

- 2018.09 [threatexpress] [A Deep Dive into Cobalt Strike Malleable C2](http://threatexpress.com/2018/09/a-deep-dive-into-cobalt-strike-malleable-c2/)

- 2018.09 [threatexpress] [A Deep Dive into Cobalt Strike Malleable C2](http://threatexpress.com/blogs/2018/a-deep-dive-into-cobalt-strike-malleable-c2/)

- 2018.06 [cobaltstrike] [Broken Promises and Malleable C2 Profiles](https://blog.cobaltstrike.com/2018/06/04/broken-promises-and-malleable-c2-profiles/)

- 2018.01 [threatexpress] [Automating Apache mod_rewrite and Cobalt Strike Malleable C2 for Intelligent Redirection](http://threatexpress.com/2018/02/automating-cobalt-strike-profiles-apache-mod_rewrite-htaccess-files-intelligent-c2-redirection/)

- 2017.08 [bluescreenofjeff] [Randomized Malleable C2 Profiles Made Easy](https://bluescreenofjeff.com/2017-08-30-randomized-malleable-c2-profiles-made-easy/)

- 2017.01 [bluescreenofjeff] [How to Write Malleable C2 Profiles for Cobalt Strike](https://bluescreenofjeff.com/2017-01-24-how-to-write-malleable-c2-profiles-for-cobalt-strike/)

- 2014.07 [harmj0y] [A Brave New World: Malleable C2](http://www.harmj0y.net/blog/redteaming/a-brave-new-world-malleable-c2/)

# Beacon

***

## 工具

- [**244**星][6m] [PS] [rsmudge/elevatekit](https://github.com/rsmudge/elevatekit) The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.

- [**193**星][17d] [Go] [darkr4y/geacon](https://github.com/darkr4y/geacon) Practice Go programming and implement CobaltStrike's Beacon in Go

- [**129**星][2m] [JS] [dermike/slide-beacon-app](https://github.com/dermike/slide-beacon-app) Share links from your Mac using this app to broadcast them as a Physical Web Eddystone URL bluetooth beacon or mDNS.

- [**115**星][4m] [HTML] [romanemelyanov/cobaltstrikeforensic](https://github.com/romanemelyanov/cobaltstrikeforensic) Toolset for research malware and Cobalt Strike beacons

- [**71**星][6m] [Py] [daddycocoaman/beacongraph](https://github.com/daddycocoaman/beacongraph) Graph visualization of wireless client and access point relationships

- [**59**星][24d] [Go] [averagesecurityguy/c2](https://github.com/averagesecurityguy/c2) A simple, extensible C&C beaconing system.

- [**57**星][2m] [Shell] [cyb0r9/network-attacker](https://github.com/Cyb0r9/network-attacker) Programmed For Penetration Testing Beginners . This Program Based on Mdk3 . "WiFi Stress Testing Beacon Flooding & Deauthentication Attack "

- [**56**星][24d] [HTML] [aravinthpanch/rssi](https://github.com/aravinthpanch/rssi) Indoor localisation using RSSI. RSSI is received signal strength indicator in IEEE 802.11 beacon packet to announce the presence of WiFi.This tool was built to study & visualize the data collected in the experiments. This was done at Telecommunications Network Group (TKN), Berlin as part of EVARILOS.

- [**50**星][2m] [001spartan/csfm](https://github.com/001spartan/csfm) Cobalt Strike Field Manual - A quick reference for Windows commands that can be accessed in a beacon console.

- [**45**星][10m] [JS] [dermike/physical-web-scan-app](https://github.com/dermike/physical-web-scan-app) Mac OSX desktop client app to scan for Physical Web (Eddystone) bluetooth beacons

- [**39**星][4m] [C++] [lijuno/nrf24_ble](https://github.com/lijuno/nRF24_BLE) Hacking nRF24L01+ as a low-cost BLE beacon

- [**30**星][5m] [chriso0710/pikiosk](https://github.com/chriso0710/pikiosk) Automate Chromium in kiosk mode and Eddystone beacon on Raspberry Pi Raspbian Jessie with Ansible. Use a single command to update the kiosk and Eddystone URLs on all machines.

- [**29**星][24d] [TS] [iot-makers/sigfox-platform](https://github.com/iot-makers/sigfox-platform) Open Source platform to display and parse Sigfox messages in real time with Sigfox, GPS, WiFi & beacon geolocalisation

- [**25**星][9m] [C] [clockfort/wifi-locator](https://github.com/clockfort/wifi-locator) Determines physical location of station judging from 802.11 beacons' BSSID/Signal/Noise/Quality information.

- [**20**星][5m] [C++] [6e726d/native-wifi-api-beacon-sniffer](https://github.com/6e726d/native-wifi-api-beacon-sniffer) Tool that dumps beacon frames to a pcap file. Works on Windows Vista or Later with any Wireless Card.

- [**14**星][23d] [Py] [mlodic/ursnif_beacon_decryptor](https://github.com/mlodic/ursnif_beacon_decryptor) Ursnif beacon decryptor

- [**12**星][1m] [Go] [wahyuhadi/beacon-c2-go](https://github.com/wahyuhadi/beacon-c2-go) backdoor c2

- [**11**星][3m] [Dockerfile] [d3vzer0/cnc-relay](https://github.com/d3vzer0/cnc-relay) Docker projects to retain beacon source IPs using C2 relaying infra

- [**10**星][2y] [C] [wifimon/wifimon](https://github.com/wifimon/wifimon) Wi-fi 802.11 Beacon Frame sniffer

- [**9**星][3y] [C] [loukamb/beacon](https://github.com/loukamb/beacon) Lightweight, header-only C++ IPC library for Windows operating systems (Vista+) using advanced local procedure calls

- [**9**星][4m] [Py] [ajackal/cherrywasp](https://github.com/ajackal/cherrywasp) An 802.11 probe request and beacon sniffer.

- [**2**星][9m] [Shell] [b3n-j4m1n/flood-kick-sniff](https://github.com/b3n-j4m1n/flood-kick-sniff) Known Beacons attack tool

- [**2**星][5m] [Shell] [op7ic/rt-officebeaconbox](https://github.com/op7ic/rt-officebeaconbox) Simple Office-based beacon that calls back to your server for phishing exercises.

- [**None**星][C++] [rvn0xsy/linco2](https://github.com/rvn0xsy/linco2) 模拟Cobalt Strike的Beacon与C2通信过程，实现了基于HTTP协议的Linux C2

***

## 文章

- 2020.05 [pentestpartners] [Short beacon analysis on the NHS iOS Tracking application](https://www.pentestpartners.com/security-blog/short-beacon-analysis-on-the-nhs-ios-tracking-application/)

- 2020.05 [findingbad] [Hunting for Beacons Part 2](http://findingbad.blogspot.com/2020/05/hunting-for-beacons-part-2.html)

- 2020.05 [findingbad] [Hunting for Beacons](http://findingbad.blogspot.com/2020/05/hunting-for-beacons.html)

- 2020.04 [activecountermeasures] [Threat Simulation – Beacons](https://www.activecountermeasures.com/threat-simulation-beacons/)

- 2020.04 [tindie] [UHF Radio Beacon for Lost RC Models](https://blog.tindie.com/2020/04/uhf-radio-beacon-lost-rc-models/)

- 2020.04 [aliyun] [cobaltstrike dns beacon知多少](https://xz.aliyun.com/t/7488)

- 2020.03 [blackhillsinfosec] [Detecting Malware Beacons With Zeek and RITA](https://www.blackhillsinfosec.com/detecting-malware-beacons-with-zeek-and-rita/)

- 2020.01 [fox] [Hunting for beacons](https://blog.fox-it.com/2020/01/15/hunting-for-beacons/)

- 2019.11 [s0lst1c3] [Modern Wireless Tradecraft Pt II — MANA and Known Beacon Attacks](https://posts.specterops.io/modern-wireless-attacks-pt-ii-mana-and-known-beacon-attacks-97a359d385f9)

- 2019.10 [specterops] [Modern Wireless Tradecraft Pt II — MANA and Known Beacon Attacks](https://medium.com/p/97a359d385f9)

- 2019.08 [TechMinds] [Hunting LF/MF/HF Beacons With An Airspy HF+ Discovery](https://www.youtube.com/watch?v=PduaBOMPlz4)

- 2019.05 [activecountermeasures] [Detecting Beacons With Jitter](https://www.activecountermeasures.com/detecting-beacons-with-jitter/)

- 2019.05 [freebuf] [通过ee-outliers与Elasticsearch检测TLS beaconing](https://www.freebuf.com/sectool/202735.html)

- 2019.04 [activecountermeasures] [Simplifying Beacon Analysis through Big Data Analysis](https://www.activecountermeasures.com/simplifying-beacon-analysis-through-big-data-analysis/)

- 2019.04 [NDSSSymposium] [NDSS 2019  MBeacon: Privacy-Preserving Beacons for DNA Methylation Data](https://www.youtube.com/watch?v=ZF78gBfppfM)

- 2019.02 [sensorfu] [SensorFu Beacon How To: 3 steps to always know if your isolated Linux leaks](https://medium.com/p/e2206252782c)

- 2019.02 [sensorfu] [Deploying SensorFu Beacon Windows Application with GPO](https://medium.com/p/530e315f25a)

- 2019.02 [rapid7] [Smart Sensors: A Look at Beacon Security](https://blog.rapid7.com/2019/02/05/smart-sensors-a-look-at-beacon-security/)

- 2019.02 [sensorfu] [Using SensorFu Beacon to supplement Threat Intel](https://medium.com/p/ff8dc1a3bfb8)

- 2018.12 [nviso] [TLS beaconing detection using ee-outliers and Elasticsearch](https://blog.nviso.be/2018/12/11/tls-beaconing-detection-using-ee-outliers-and-elasticsearch/)

- 2018.11 [DEFCONConference] [DEF CON 26 HARDWARE HACKING VILLAGE - John Aho -  WiFi Beacons will give you up](https://www.youtube.com/watch?v=1XoxtcBGga0)

- 2018.10 [NullByte] [Track & Connect to Smartphones with a Beacon Swarm [Tutorial]](https://www.youtube.com/watch?v=o95Or-Z_Ybk)

- 2018.09 [blackhillsinfosec] [PODCAST: Beacon Analysis](https://www.blackhillsinfosec.com/beaconanalysis/)

- 2018.09 [activecountermeasures] [Threat Hunting Beacon Analysis Webcast from September 11, 2018](https://www.activecountermeasures.com/threat-hunting-beacon-analysis-webcast-from-september-11-2018/)

- 2018.08 [activecountermeasures] [Threat Hunting – Simplifying The Beacon Analysis Process](https://www.activecountermeasures.com/threat-hunting-simplifying-the-beacon-analysis-process/)

- 2018.08 [activecountermeasures] [Beacon Analysis – The Key to Cyber Threat Hunting](https://www.activecountermeasures.com/blog-beacon-analysis-the-key-to-cyber-threat-hunting/)

- 2018.08 [jpcert] [Volatility Plugin for Detecting Cobalt Strike Beacon](https://blog.jpcert.or.jp/2018/08/volatility-plugin-for-detecting-cobalt-strike-beacon.html)

- 2018.08 [jpcert] [Volatility Plugin for Detecting Cobalt Strike Beacon](https://blogs.jpcert.or.jp/en/2018/08/volatility-plugin-for-detecting-cobalt-strike-beacon.html)

- 2018.04 [activecountermeasures] [New Beacon Graph in the Works](https://www.activecountermeasures.com/new-beacon-graph-in-the-works/)

- 2018.04 [3gstudent] [CIA Hive Beacon Infrastructure复现2——使用Apache mod_rewrite实现https流量分发](https://3gstudent.github.io/3gstudent.github.io/CIA-Hive-Beacon-Infrastructure%E5%A4%8D%E7%8E%B02-%E4%BD%BF%E7%94%A8Apache-mod_rewrite%E5%AE%9E%E7%8E%B0https%E6%B5%81%E9%87%8F%E5%88%86%E5%8F%91/)

- 2018.04 [3gstudent] [CIA Hive Beacon Infrastructure复现2——使用Apache mod_rewrite实现https流量分发](https://3gstudent.github.io/3gstudent.github.io/CIA-Hive-Beacon-Infrastructure%E5%A4%8D%E7%8E%B02-%E4%BD%BF%E7%94%A8Apache-mod_rewrite%E5%AE%9E%E7%8E%B0https%E6%B5%81%E9%87%8F%E5%88%86%E5%8F%91/)

- 2018.04 [3gstudent] [CIA Hive Beacon Infrastructure复现1——使用Apache mod_rewrite实现http流量分发](https://3gstudent.github.io/3gstudent.github.io/CIA-Hive-Beacon-Infrastructure%E5%A4%8D%E7%8E%B01-%E4%BD%BF%E7%94%A8Apache-mod_rewrite%E5%AE%9E%E7%8E%B0http%E6%B5%81%E9%87%8F%E5%88%86%E5%8F%91/)

- 2018.04 [3gstudent] [CIA Hive Beacon Infrastructure复现1——使用Apache mod_rewrite实现http流量分发](https://3gstudent.github.io/3gstudent.github.io/CIA-Hive-Beacon-Infrastructure%E5%A4%8D%E7%8E%B01-%E4%BD%BF%E7%94%A8Apache-mod_rewrite%E5%AE%9E%E7%8E%B0http%E6%B5%81%E9%87%8F%E5%88%86%E5%8F%91/)

- 2018.04 [rvrsh3ll] [Redirecting Cobalt Strike DNS Beacons](https://medium.com/p/e3dcdb5a8b9b)

- 2018.02 [census] [The Known Beacons Attack (34th Chaos Communication Congress)](https://census-labs.com/news/2018/02/01/known-beacons-attack-34c3/)

- 2017.06 [cobaltstrike] [OPSEC Considerations for Beacon Commands](https://blog.cobaltstrike.com/2017/06/23/opsec-considerations-for-beacon-commands/)

- 2017.06 [360] [使用Flare、Elastic Stack、IDS检测恶意软件通信的“beaconing”](https://www.anquanke.com/post/id/86285/)

- 2017.06 [social] [Web Beacons for Social Engineering Reconnaissance](https://www.social-engineer.org/general-blog/web-beacons-social-engineering-reconnaissance/)

- 2017.06 [austintaylor] [使用 Flare、ElasticStack 及 IDS 检测 Beaconing（恶意软件周期性与C&C通信的过程）](http://www.austintaylor.io/detect/beaconing/intrusion/detection/system/command/control/flare/elastic/stack/2017/06/10/detect-beaconing-with-flare-elasticsearch-and-intrusion-detection-systems/)

- 2017.06 [longtermsec] [Chrome just hardened the Navigator Beacon API against Cross-Site-Request-Forgery (CSRF)](https://medium.com/p/690239ccccf)

- 2017.02 [freebuf] [Cobalt Strike之DNS Beacon使用记录](http://www.freebuf.com/sectool/127125.html)

- 2016.11 [jerrygamblin] [Spoofing Beacon Frames From The 5000 Most Common SSIDS](https://jerrygamblin.com/2016/11/27/spoofing-the-top-5000-ssids/)

- 2016.10 [rvrsh3ll] [Redirecting Cobalt Strike DNS Beacons](http://www.rvrsh3ll.net/blog/offensive/redirecting-cobalt-strike-dns-beacons/)

- 2016.09 [christophertruncer] [Receiving Text Messages for your Incoming Beacons](https://www.christophertruncer.com/receiving-text-messages-for-your-incoming-beacons/)

- 2016.07 [] [Forging WiFi Beacon Frames Using Scapy](https://www.4armed.com/blog/forging-wifi-beacon-frames-using-scapy/)

- 2016.05 [breakpoint] [Using Python to Decrypt Dispind.A and Helminth HTTP Beacons](https://breakpoint-labs.com/blog/using-python-to-decrypt-dispind-a-and-helminth-http-beacons/)

- 2016.05 [arxiv] [[1605.04559] Bitcoin Beacon](https://arxiv.org/abs/1605.04559)

- 2015.11 [freebuf] [HackRF嗅探蓝牙重放iBeacons信号](http://www.freebuf.com/articles/wireless/86345.html)

- 2015.11 [alienvault] [Ultrasound Tracking Beacons Making Things Sort of Creepy For Consumers](https://www.alienvault.com/blogs/security-essentials/ultrasound-tracking-beacons-making-things-sort-of-creepy-for-consumers)

- 2015.10 [z4ziggy] [Exploring Bluetooth & iBeacons – from software to radio signals and back.](https://z4ziggy.wordpress.com/2015/10/01/exploring-bluetooth-and-ibeacons-from-software-to-radio-signals-and-back/)

- 2015.09 [christophertruncer] [Upgrading Your Shells to Beacons](https://www.christophertruncer.com/upgrade-your-shells-to-beacons/)

- 2015.07 [securitykitten] [Finding Beacons With Bro](http://securitykitten.github.io/finding-beacons-with-bro/)

- 2015.04 [arxiv] [[1504.07192] Location-aware sign-on and key exchange using attribute-based encryption and Bluetooth beacons](https://arxiv.org/abs/1504.07192)

- 2015.01 [securityriskadvisors] [Beaconing Past McAfee ePO](http://securityriskadvisors.com/blog/post/beaconing-past-mcafee-epo/)

- 2014.10 [sans] [CSAM: Be Wary of False Beacons](https://isc.sans.edu/forums/diary/CSAM+Be+Wary+of+False+Beacons/18813/)

- 2014.08 [freebuf] [BTLE/BT4.0低功耗蓝牙无线发包器（可模拟iBeacon、建链、通信等）](http://www.freebuf.com/sectool/40078.html)

- 2014.05 [rsa] [Sality Botnet Beacons Change- How to Detect It](https://community.rsa.com/community/products/netwitness/blog/2014/05/09/sality-botnet-beacons-change-how-to-detect-it)

- 2014.05 [metaflows] [Got Beacons?](https://www.metaflows.com/blog/got-beacons/)

- 2014.02 [rsa] [Detecting the Zusy Botnet Beaconing](https://community.rsa.com/community/products/netwitness/blog/2014/02/20/detecting-the-zusy-botnet-beaconing)

- 2013.11 [freebuf] [关于分析Cobalt Strike的beacon.dll的一些TIPS](http://www.freebuf.com/articles/system/18404.html)

- 2012.12 [arxiv] [[1212.2404] A beaconing approach whith key exchange in vehicular ad hoc networks](https://arxiv.org/abs/1212.2404)

- 2012.10 [toolswatch] [New feature “Beacon” added to Cobalt Strike](http://www.toolswatch.org/2012/10/new-feature-beacon-added-to-cobalt-strike/)

- 2012.07 [talosintelligence] [Banking Trojan Spread Via UPS Phish Uses 0xDEADBEEF Beacon](https://blog.talosintelligence.com/2012/07/banking-trojan-spread-via-ups-phish.html)

# Listener

***

## 工具

- [**49**星][20d] [Shell] [taherio/redi](https://github.com/taherio/redi) Automated script for setting up CobaltStrike redirectors (nginx reverse proxy, letsencrypt)

# Aggressor Script

***

## 工具

- [**758**星][8m] [C#] [harleyqu1nn/aggressorscripts](https://github.com/harleyqu1nn/aggressorscripts) Cobalt Strike 3.0+ Aggressor 脚本收集

- [**378**星][2y] [bluscreenofjeff/aggressorscripts](https://github.com/bluscreenofjeff/aggressorscripts) Aggressor scripts for use with Cobalt Strike 3.0+

- [**369**星][18d] [Java] [rsmudge/cortana-scripts](https://github.com/rsmudge/cortana-scripts) A collection of Cortana scripts that you may use with Armitage and Cobalt Strike 2.x. Cortana Scripts are not compatible with Cobalt Strike 3.x. Cobalt Strike 3.x uses a variant of Cortana called Aggressor Script.

- [**252**星][3y] [PS] [und3rf10w/aggressor-scripts](https://github.com/und3rf10w/aggressor-scripts) Aggressor scripts I've made for Cobalt Strike

- [**215**星][2y] [C#] [spiderlabs/sharpcompile](https://github.com/spiderlabs/sharpcompile) SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into Cobalt Strike. The project aims to make it easier to move away from adhoc PowerShell execution instead creating a temporary assembly and executing…

- [**175**星][22d] [uknowsec/sharptoolsaggressor](https://github.com/uknowsec/sharptoolsaggressor) 内网渗透中常用的c#程序整合成cs脚本，直接内存加载。持续更新~

- [**174**星][2y] [ramen0x3f/aggressorscripts](https://github.com/ramen0x3f/aggressorscripts)  audit your machines or machines you're authorized to audit

- [**144**星][4m] [PS] [vysecurity/aggressor-vysec](https://github.com/vysecurity/Aggressor-VYSEC) CobaltStrike Aggressor Scripts

- [**126**星][2y] [zonksec/persistence-aggressor-script](https://github.com/zonksec/persistence-aggressor-script) initial commit

- [**102**星][2y] [PS] [rhinosecuritylabs/aggressor-scripts](https://github.com/rhinosecuritylabs/aggressor-scripts) Aggregation of Cobalt Strike's aggressor scripts.

- [**101**星][27d] [001spartan/aggressor_scripts](https://github.com/001spartan/aggressor_scripts) A collection of useful scripts for Cobalt Strike

- [**97**星][2y] [PS] [rasta-mouse/aggressor-script](https://github.com/rasta-mouse/aggressor-script) Collection of Aggressor Scripts for Cobalt Strike

- [**93**星][4m] [Py] [fortynorthsecurity/aggressorassessor](https://github.com/fortynorthsecurity/aggressorassessor) Aggressor scripts for phases of a pen test or red team assessment

- [**87**星][22d] [k8gege/aggressor](https://github.com/k8gege/Aggressor) Ladon for Cobalt Strike, Large Network Penetration Scanner, vulnerability / exploit / detection / MS17010 / password/brute-force

- [**87**星][22d] [k8gege/aggressor](https://github.com/k8gege/aggressor) Ladon for Cobalt Strike, Large Network Penetration Scanner, vulnerability / exploit / detection / MS17010 / password/brute-force

- [**73**星][27d] [vysecurity/cve-2018-4878](https://github.com/vysecurity/CVE-2018-4878) Aggressor Script to launch IE driveby for CVE-2018-4878

- [**68**星][2y] [tevora-threat/powerview3-aggressor](https://github.com/tevora-threat/powerview3-aggressor) Cobalt Strike Aggressor script menu for Powerview/SharpView

- [**57**星][2y] [PS] [invokethreatguy/csasc](https://github.com/invokethreatguy/csasc) Cobalt Strike Aggressor Script Collection

- [**46**星][4m] [Py] [coalfire-research/vampire](https://github.com/coalfire-research/vampire) Vampire is an aggressor script which integrates with BloodHound to mark nodes as owned.

- [**46**星][16d] [JS] [threatexpress/aggressor-scripts](https://github.com/threatexpress/aggressor-scripts) Cobalt Strike Aggressor Scripts

- [**43**星][27d] [tevora-threat/aggressor-powerview](https://github.com/tevora-threat/aggressor-powerview) PowerView menu for Cobalt Strike

- [**39**星][2y] [secgroundzero/cs-aggressor-scripts](https://github.com/secgroundzero/cs-aggressor-scripts) Aggressor Scripts for Cobalt Strike

- [**30**星][17d] [mgeeky/cobalt-arsenal](https://github.com/mgeeky/cobalt-arsenal) My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+

- [**25**星][6m] [scanfsec/cve-2018-15982](https://github.com/scanfsec/cve-2018-15982) Aggressor Script to launch IE driveby for CVE-2018-15982.

- [**22**星][3y] [PS] [oldb00t/aggressorscripts](https://github.com/oldb00t/aggressorscripts) Cobaltstrike Aggressor Scripts

- [**22**星][12m] [superdong0/aggressor_mail](https://github.com/superdong0/aggressor_mail) beacon,aggressor-scripts,cna,cobalt-strike,email

- [**18**星][3m] [mdsecactivebreach/execute-githubassembly-aggressor](https://github.com/mdsecactivebreach/execute-githubassembly-aggressor) Aggressor Script to Execute Assemblies from Github

- [**1**星][8m] [kingsabri/aggressorscripts](https://github.com/kingsabri/aggressorscripts) A collection of Cobalt Strike aggressor scripts

- [**None**星][C] [timwhitez/cobalt-strike-aggressor-scripts](https://github.com/timwhitez/cobalt-strike-aggressor-scripts) Cobalt Strike Aggressor 插件包

***

## 文章

- 2019.06 [rastamouse] [The Return of Aggressor](https://rastamouse.me/2019/06/the-return-of-aggressor/)

- 2018.07 [tevora] [A SharpView and More Aggressor](https://threat.tevora.com/a-sharpview-and-more-aggressor/)

- 2018.03 [tevora] [Aggressor PowerView](http://threat.tevora.com/aggressor-powerview/)

- 2018.03 [] [Aggressor 101: Unleashing Cobalt Strike for Fun and Profit](https://medium.com/p/879bf22cea31)

- 2018.02 [360] [Cobalt  Strike神器高级教程利用Aggressor脚本编写目标上线邮件提醒](https://www.anquanke.com/post/id/98829/)

- 2016.11 [bluescreenofjeff] [Beaconpire - Cobalt Strike and Empire Interoperability with Aggressor Script](https://bluescreenofjeff.com/2016-11-29-beaconpire-cobalt-strike-and-empire-interoperability-with-aggressor-script/)

- 2016.09 [bluescreenofjeff] [Adding Easy GUIs to Aggressor Scripts](https://bluescreenofjeff.com/2016-09-07-adding-easy-guis-to-aggressor-scripts/)

- 2016.05 [zonksec] [Persistence Aggressor Script](https://zonksec.com/blog/persistence-aggressor-script/)

# 新添加

***

## 工具

- [**822**星][4m] [aleenzz/cobalt_strike_wiki](https://github.com/aleenzz/cobalt_strike_wiki) Cobalt Strike系列

- [**409**星][2y] [Shell] [killswitch-gui/cobaltstrike-toolkit](https://github.com/killswitch-gui/cobaltstrike-toolkit) Some useful scripts for CobaltStrike

- [**398**星][21d] [Py] [vysecurity/morphhta](https://github.com/vysecurity/morphHTA) morphHTA - Morphing Cobalt Strike's evil.HTA

- [**225**星][4m] [PS] [outflanknl/excel4-dcom](https://github.com/outflanknl/excel4-dcom) PowerShell和Cobalt Strike脚本，通过DCOM执行Excel4.0/XLM宏实现横向渗透（直接向Excel.exe注入Shellcode）

- [**224**星][3m] [gloxec/crossc2](https://github.com/gloxec/crossc2) generate CobaltStrike's cross-platform payload

- [**213**星][18d] [PS] [vysecurity/angrypuppy](https://github.com/vysecurity/ANGRYPUPPY) Bloodhound Attack Path Automation in CobaltStrike

- [**193**星][4m] [PS] [phink-team/cobaltstrike-ms17-010](https://github.com/phink-team/cobaltstrike-ms17-010) cobaltstrike ms17-010 module and some other

- [**190**星][17d] [Py] [threatexpress/cs2modrewrite](https://github.com/threatexpress/cs2modrewrite) Convert Cobalt Strike profiles to modrewrite scripts

- [**150**星][22d] [C#] [josephkingstone/cobalt_strike_extension_kit](https://github.com/josephkingstone/cobalt_strike_extension_kit) Tired of typing execute-assembly everytime you use Cobalt Strike? Clone this.

- [**117**星][5m] [Py] [verctor/cs_xor64](https://github.com/verctor/cs_xor64) cobaltstrike xor64.bin补完计划

- [**115**星][2y] [ridter/cs_chinese_support](https://github.com/ridter/cs_chinese_support) Cobalt strike 修改支持回显中文。

- [**110**星][18d] [fox-it/cobaltstrike-extraneous-space](https://github.com/fox-it/cobaltstrike-extraneous-space) Historical list of {Cobalt Strike,NanoHTTPD} servers

- [**101**星][3y] [Py] [mr-un1k0d3r/sct-obfuscator](https://github.com/mr-un1k0d3r/sct-obfuscator) Cobalt Strike SCT payload obfuscator

- [**91**星][4m] [0xthirteen/staykit](https://github.com/0xthirteen/staykit) Cobalt Strike kit for Persistence

- [**89**星][5m] [C#] [jnqpblc/sharpspray](https://github.com/jnqpblc/sharpspray) SharpSpray a simple code set to perform a password spraying attack against all users of a domain using LDAP and is compatible with Cobalt Strike.

- [**89**星][17d] [Py] [k8gege/scrun](https://github.com/k8gege/scrun) BypassAV ShellCode Loader (Cobaltstrike/Metasploit)

- [**88**星][1y] [Py] [dcsync/pycobalt](https://github.com/dcsync/pycobalt) Cobalt Strike API, Python版本

- [**87**星][1m] [Py] [ryanohoro/csbruter](https://github.com/ryanohoro/csbruter) Cobalt Strike team server password brute force tool

- [**82**星][2y] [java] [anbai-inc/cobaltstrike_hanization](https://github.com/anbai-inc/cobaltstrike_hanization) CobaltStrike 2.5中文汉化版

- [**73**星][4m] [C#] [0xthirteen/movekit](https://github.com/0xthirteen/movekit) Cobalt Strike kit for Lateral Movement

- [**56**星][4m] [1135/1135-cobaltstrike-toolkit](https://github.com/1135/1135-cobaltstrike-toolkit) about CobaltStrike

- [**51**星][3y] [p292/ddeautocs](https://github.com/p292/ddeautocs) A cobaltstrike script that integrates DDEAuto Attacks

- [**45**星][4m] [C#] [jnqpblc/sharptask](https://github.com/jnqpblc/sharptask) SharpTask is a simple code set to interact with the Task Scheduler service api and is compatible with Cobalt Strike.

- [**45**星][28d] [vysecurity/cobaltsplunk](https://github.com/vysecurity/CobaltSplunk) Splunk Dashboard for CobaltStrike logs

- [**41**星][3y] [Go] [empty-nest/emptynest](https://github.com/empty-nest/emptynest) 基于插件的 C2 服务器框架。其目标不是取代某些强大的工具（例如 Empire、Metasploit、CobaltStrike），而是创建一个支持框架，以便为自定义 agents 快速创建小型、专用的 handlers

- [**33**星][3m] [tom4t0/cobalt-strike-persistence](https://github.com/tom4t0/cobalt-strike-persistence) cobalt strike 自启动脚本

- [**30**星][5m] [C#] [mr-un1k0d3r/remoteprocessinjection](https://github.com/mr-un1k0d3r/remoteprocessinjection) C# remote process injection utility for Cobalt Strike

- [**29**星][6m] [redteamwing/cobaltstrike_wiki](https://github.com/redteamwing/cobaltstrike_wiki) Cobalt Strike 3.12中文文档

- [**27**星][2m] [johnnydep/cobaltstrike](https://github.com/johnnydep/cobaltstrike) cobalt strike stuff I have gathered from around github

- [**24**星][21d] [HTML] [ridter/cs_custom_404](https://github.com/ridter/cs_custom_404) Cobalt strike custom 404 page

- [**22**星][5m] [Py] [k8gege/pyladon](https://github.com/k8gege/pyladon) Ladon For Python, Large Network Penetration Scanner & Cobalt Strike, vulnerability / exploit / detection / MS17010

- [**19**星][2m] [icebearfriend/quickrundown](https://github.com/icebearfriend/quickrundown) Smart overlay for Cobalt Strike PS function

- [**17**星][4m] [Py] [attactics/cslogwatch](https://github.com/attactics/cslogwatch) Cobalt Strike log state tracking, parsing, and storage

- [**14**星][2m] [TS] [hattmo/c2profilejs](https://github.com/hattmo/c2profilejs) Web UI for creating C2 profiles for Cobalt Strike

- [**9**星][2y] [Zeek] [sjosz/cnc-detection](https://github.com/sjosz/cnc-detection) Detecting PowerShell Empire, Metasploit Meterpreter and Cobalt Strike agents by payload size sequence analysis and host correlation

- [**3**星][3m] [Shell] [war-horse/docker-cobaltstrike](https://github.com/war-horse/docker-cobaltstrike) A Cobaltstrike container, built for Warhorse

- [**None**星][C++] [outflanknl/spray-ad](https://github.com/outflanknl/spray-ad) A Cobalt Strike tool to audit Active Directory user accounts for weak, well known or easy guessable passwords.

- [**None**星][hack2fun/bypassav](https://github.com/hack2fun/bypassav) Cobalt Strike插件，用于快速生成免杀的可执行文件

- [**None**星][PS] [k8gege/powerladon](https://github.com/k8gege/powerladon) Large Network Penetration Scanner & Cobalt Strike, Ladon for PowerShell, vulnerability / exploit / detection / MS17010

***

## 文章

- 2020.04 [venus] [渗透利器 Cobalt Strike 在野利用情况专题分析](https://paper.seebug.org/1190/)

- 2020.04 [t00ls] [CobaltStrike Powershell Bypass AV 初探](https://www.t00ls.net/articles-55754.html)

- 2020.04 [securelist] [Loncom packer: from backdoors to Cobalt Strike](https://securelist.com/loncom-packer-from-backdoors-to-cobalt-strike/96465/)

- 2020.03 [freebuf] [Cobalt Strike折腾踩坑填坑记录](https://www.freebuf.com/sectool/229965.html)

- 2020.03 [venus] [Cobalt Strike 4.0 手册——献给渗透测试人员的先进威胁战术](https://paper.seebug.org/1143/)

- 2020.03 [cobaltstrike] [Cobalt Strike joins Core Impact at HelpSystems, LLC](https://blog.cobaltstrike.com/2020/03/04/cobalt-strike-joins-core-impact-at-helpsystems-llc/)

- 2020.02 [freebuf] [精品公开课｜CobaltStrike基础到进阶](https://www.freebuf.com/open/227850.html)

- 2020.01 [malware] [2020-01-21 - HANCITOR INFECTION WITH COBALT STRIKE](http://malware-traffic-analysis.net/2020/01/21/index2.html)

- 2020.01 [freebuf] [内网渗透实验：基于Cobaltstrike的一系列实验](https://www.freebuf.com/vuls/224507.html)

- 2019.12 [4hou] [Cobalt Strike的blockdlls利用分析](https://www.4hou.com/technology/22043.html)

- 2019.12 [malware] [2019-12-10 - DATA DUMP: HANCITOR INFECTION WITH URSNIF AND COBALT STRIKE](http://malware-traffic-analysis.net/2019/12/10/index.html)

- 2019.12 [cobaltstrike] [Cobalt Strike 4.0 – Bring Your Own Weaponization](https://blog.cobaltstrike.com/2019/12/05/cobalt-strike-4-0-bring-your-own-weaponization/)

- 2019.11 [ColinHardy] [Excel 4.0 Macros Analysis - Cobalt Strike Shellcode Injection](https://www.youtube.com/watch?v=XnN_UWfHlNM)

- 2019.11 [3gstudent] [Cobalt Strike的blockdlls利用分析](https://3gstudent.github.io/3gstudent.github.io/Cobalt_Strike%E7%9A%84blockdlls%E5%88%A9%E7%94%A8%E5%88%86%E6%9E%90/)

- 2019.11 [ironcastle] [Hancitor infection with Pony, Evil Pony, Ursnif, and Cobalt Strike, (Wed, Nov 20th)](https://www.ironcastle.net/hancitor-infection-with-pony-evil-pony-ursnif-and-cobalt-strike-wed-nov-20th/)

- 2019.11 [aliyun] [Cobaltstrike Server持久化 & Cobaltstrike与Metasploit相互派生shell](https://xz.aliyun.com/t/6722)

- 2019.09 [aliyun] [细说Cobalt Strike进程注入](https://xz.aliyun.com/t/6205)

- 2019.09 [aliyun] [CobaltStrike插件开发官方指南 Part3](https://xz.aliyun.com/t/6189)

- 2019.09 [aliyun] [CobaltStrike插件开发官方指南 Part3](https://xz.aliyun.com/t/6188)

- 2019.08 [cobaltstrike] [Cobalt Strike’s Process Injection: The Details](https://blog.cobaltstrike.com/2019/08/21/cobalt-strikes-process-injection-the-details/)

- 2019.08 [freebuf] [利用CobaltStrike捆绑后门的艺术](https://www.freebuf.com/sectool/210416.html)

- 2019.08 [blackhillsinfosec] [Using CloudFront to Relay Cobalt Strike Traffic](https://www.blackhillsinfosec.com/using-cloudfront-to-relay-cobalt-strike-traffic/)

- 2019.08 [aliyun] [CobaltStrike插件开发官方指南 Part2](https://xz.aliyun.com/t/5892)

- 2019.08 [aliyun] [CobaltStrike插件开发官方指南 Part1](https://xz.aliyun.com/t/5887)

- 2019.08 [aliyun] [初探CobaltStrike权限维持及其自动化](https://xz.aliyun.com/t/5881)

- 2019.08 [4hou] [捆绑后门的艺术--CobaltStrike backdoor分析](https://www.4hou.com/tools/19585.html)

- 2019.07 [malware] [2019-07-22 - HANCITOR-STYLE AMADEY MALSPAM PUSHES PONY & COBALT STRIKE](http://malware-traffic-analysis.net/2019/07/25/index.html)

- 2019.07 [malware] [2019-07-22 - HANCITOR SWITCHES TO AMADEY, STILL PUSHING PONY/URSNIF/COBALT STRIKE](http://malware-traffic-analysis.net/2019/07/22/index.html)

- 2019.07 [malware] [2019-07-03 - QUICK POST: HANCITOR INFECTION WITH COBALT STRIKE](http://malware-traffic-analysis.net/2019/07/03/index.html)

- 2019.07 [malware] [2019-07-02 - QUICK POST: HANCITOR INFECTION WITH COBALT STRIKE](http://malware-traffic-analysis.net/2019/07/02/index2.html)

- 2019.06 [evi1cg] [Cobalt Strike Spear Phish](https://evi1cg.me/archives/spear_phish.html)

- 2019.05 [rsa] [Detecting Command and Control in RSA NetWitness: Cobalt Strike](https://community.rsa.com/community/products/netwitness/blog/2019/05/28/detecting-command-and-control-in-rsa-netwitness-cobalt-strike)

- 2019.05 [cobaltstrike] [Cobalt Strike 3.14 – Post-Ex Omakase Shimasu](https://blog.cobaltstrike.com/2019/05/02/cobalt-strike-3-14-post-ex-omakase-shimasu/)

- 2019.04 [pentestpartners] [Cobalt Strike. Walkthrough for Red Teamers](https://www.pentestpartners.com/security-blog/cobalt-strike-walkthrough-for-red-teamers/)

- 2019.04 [4hou] [渗透测试神器Cobalt Strike的“双面间谍”身份分析](https://www.4hou.com/web/16613.html)

- 2019.02 [aliyun] [渗透利器Cobalt Strike - 第2篇 APT级的全面免杀与企业纵深防御体系的对抗](https://xz.aliyun.com/t/4191)

- 2019.02 [obscuritylabs] [Installing CobaltStrike on Ubuntu 18.04](https://obscuritylabs.com/blog/2019/02/23/installing-cobaltstrike-on-ubuntu-18-04/)

- 2019.02 [obscuritylabs] [Installing CobaltStrike on Ubuntu 18.04](https://blog.obscuritylabs.com/install/)

- 2019.02 [4hou] [使用Cobalt Strike和Gargoyle绕过杀软的内存扫描](http://www.4hou.com/binary/16203.html)

- 2019.01 [xpnsec] [How to Argue like Cobalt Strike](https://blog.xpnsec.com/how-to-argue-like-cobalt-strike/)

- 2019.01 [cobaltstrike] [Cobalt Strike 3.13 – Why do we argue?](https://blog.cobaltstrike.com/2019/01/02/cobalt-strike-3-13-why-do-we-argue/)

- 2018.11 [olafhartong] [Cobalt Strike Remote Threads detection](https://medium.com/p/206372d11d0f)

- 2018.09 [crowdstrike] [Meet CrowdStrike’s Adversary of the Month for September: COBALT SPIDER](https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-september-cobalt-spider/)

- 2018.09 [cobaltstrike] [Cobalt Strike 3.12 – Blink and you’ll miss it](https://blog.cobaltstrike.com/2018/09/06/cobalt-strike-3-12-blink-and-youll-miss-it/)

- 2018.08 [freebuf] [一起来看看Cobaltstrike和Armitage联动能达到什么效果](http://www.freebuf.com/sectool/180395.html)

- 2018.07 [f] [Bypassing Memory Scanners with Cobalt Strike and Gargoyle](https://labs.f-secure.com/blog/experimenting-bypassing-memory-scanners-with-cobalt-strike-and-gargoyle/)

- 2018.07 [mwrinfosecurity] [利用 Cobalt Strike 和 Gargoyle 绕过内存扫描器](https://labs.mwrinfosecurity.com/blog/experimenting-bypassing-memory-scanners-with-cobalt-strike-and-gargoyle/)

- 2018.04 [cobaltstrike] [Cobalt Strike 3.11 – The snake that eats its tail](https://blog.cobaltstrike.com/2018/04/09/cobalt-strike-3-11-the-snake-that-eats-its-tail/)

- 2018.04 [4hou] [【更新】Cobalt strike3.8 中文支持](http://www.4hou.com/technology/10933.html)

- 2018.04 [evi1cg] [Cobalt strike3.8 中文支持(Update)](https://evi1cg.me/archives/CS3_8_chinese_support.html)

- 2018.03 [360] [Cobalt Strike：使用混淆技术绕过Windows Defender](https://www.anquanke.com/post/id/101308/)

- 2018.03 [aliyun] [Cobalt Strike——利用混淆处理绕过Windows Defender](https://xz.aliyun.com/t/2173)

- 2018.03 [aliyun] [【软件安全】Patch Cobalt Strike3.8 去除后门并修补功能](https://xz.aliyun.com/t/2170)

- 2018.03 [] [Cobalt Strike Visualizations](https://medium.com/p/e6a6e841e16b)

- 2018.03 [offensiveops] [使用混淆绕过Windows Defender](http://www.offensiveops.io/tools/cobalt-strike-bypassing-windows-defender-with-obfuscation/)

- 2018.03 [360] [Cobalt Strike中DNS隐蔽隧道的利用，以及使用DLP进行检测](https://www.anquanke.com/post/id/99408/)

- 2018.01 [4hou] [cobalt strike OPSEC配置文件简介](http://www.4hou.com/technology/10095.html)

- 2018.01 [bluescreenofjeff] [Cobalt Strike OPSEC Profiles](https://bluescreenofjeff.com/2018-01-23-cobalt-strike-opsec-profiles/)

- 2017.12 [freebuf] [Cobalt Strike实战技巧持久性权限控制姿势](http://www.freebuf.com/sectool/157952.html)

- 2017.12 [cobaltstrike] [Cobalt Strike 3.10 – Хакер vs. 肉雞](https://blog.cobaltstrike.com/2017/12/11/cobalt-strike-3-10-%d1%85%d0%b0%d0%ba%d0%b5%d1%80-vs-%e8%82%89%e9%9b%9e/)

- 2017.12 [threatexpress] [Slack Notifications for Cobalt Strike](http://threatexpress.com/blogs/2016/slack-notifications-for-cobalt-strike/)

- 2017.12 [blackhillsinfosec] [A Morning with Cobalt Strike & Symantec](https://www.blackhillsinfosec.com/morning-cobalt-strike-symantec/)

- 2017.11 [riskiq] [Gaffe Reveals Full List of Targets in Spear Phishing Attack Using Cobalt Strike Against Financial Institutions](https://www.riskiq.com/blog/labs/cobalt-strike/)

- 2017.11 [fortinet] [Cobalt Malware Strikes Using CVE-2017-11882 RTF Vulnerability](https://blog.fortinet.com/2017/11/27/cobalt-malware-strikes-using-cve-2017-11882-rtf-vulnerability)

- 2017.11 [fortinet] [FortiGuard Labs 发现利用 RTF 漏洞 CVE-2017-11882 攻击的恶意软件](https://www.fortinet.com/blog/threat-research/cobalt-malware-strikes-using-cve-2017-11882-rtf-vulnerability.html)

- 2017.11 [trendmicro] [黑客组织 Cobalt 利用 CVE-2017-8759漏洞攻击俄国银行](https://blog.trendmicro.com/trendlabs-security-intelligence/cobalt-spam-runs-use-macros-cve-2017-8759-exploit/)

- 2017.10 [secvul] [Metasploit和Cobalt Strike的四种联动场景](https://secvul.com/topics/862.html)

- 2017.10 [360] [如何利用Office 365的任务功能搭建Cobalt Strike C2通道](https://www.anquanke.com/post/id/86974/)

- 2017.09 [rsa] [Malspam delivers Cobalt Strike payload 9-19-2017](https://community.rsa.com/community/products/netwitness/blog/2017/09/25/malspam-delivers-cobalt-strike-payload-9-19-2017)

- 2017.09 [mwrinfosecurity] [“Tasking” Office 365 for Cobalt Strike C2](https://labs.mwrinfosecurity.com/blog/tasking-office-365-for-cobalt-strike-c2/)

- 2017.09 [cobaltstrike] [Cobalt Strike 3.9 – Livin’ in a Stager’s Paradise](https://blog.cobaltstrike.com/2017/09/20/cobalt-strike-3-9-livin-in-a-stagers-paradise/)

- 2017.09 [evi1cg] [cobaltstrike3.8 破解版](https://evi1cg.me/archives/CobaltStrike_3_8_Cracked-html.html)

- 2017.06 [vkremez] [Let's Learn (DIY): Sophisticated Cobalt Strike Gang's CVE-2017-0199 Loader](https://www.vkremez.com/2017/06/lets-learn-diy-sophisticated-cobalt.html)

- 2017.05 [cobaltstrike] [Cobalt Strike 3.8 – Who’s Your Daddy?](https://blog.cobaltstrike.com/2017/05/23/cobalt-strike-3-8-whos-your-daddy/)

- 2017.05 [freebuf] [Cobalt Strike学习笔记（持续更新）](http://www.freebuf.com/sectool/133369.html)

- 2017.04 [ecforce] [CVE-2017-0199 exploitation with Cobalt Strike tutorial](https://www.secforce.com/blog/2017/04/cve-2017-0199-exploitation-with-cobalt-strike-tutorial/)

- 2017.04 [trustedsec] [Equation Group Dump Analysis and Full RCE on Win7 on MS17-010 with Cobalt Strike](https://www.trustedsec.com/2017/04/equation-group-dump-analysis-full-rce-win7-fully-patched-cobalt-strike/)

- 2017.04 [aliyun] [Cobalt Strike搭建和使用以及bybass杀软](https://xz.aliyun.com/t/199)

- 2017.03 [cobaltstrike] [Cobalt Strike 3.7 – Cat, Meet Mouse](https://blog.cobaltstrike.com/2017/03/15/cobalt-strike-3-7-cat-meet-mouse/)

- 2017.03 [freebuf] [Cobalt Strike内网穿梭之如何在互联网中建立一个属于自己的Cobalt Strike服务器](http://www.freebuf.com/articles/network/128121.html)

- 2017.02 [zairon] [From RTF to Cobalt Strike passing via Flash](https://zairon.wordpress.com/2017/02/05/from-rtf-to-cobalt-strike-passing-via-flash/)

- 2017.01 [freebuf] [Cobalt strike在内网渗透中的使用](http://www.freebuf.com/sectool/125237.html)

- 2017.01 [inspired] [WMI Persistence with Cobalt Strike](https://blog.inspired-sec.com/archive/2017/01/20/WMI-Persistence.html)

- 2017.01 [freebuf] [利用Cobalt strike一步步教你发送钓鱼邮件](http://www.freebuf.com/sectool/124905.html)

- 2017.01 [freebuf] [提权利器Cobalt Strike发布3.6版本](http://www.freebuf.com/sectool/122742.html)

- 2016.12 [evi1cg] [cobaltstrike3.6 破解版](https://evi1cg.me/archives/CobaltStrike_3_6_Cracked.html)

- 2016.12 [cobaltstrike] [Cobalt Strike 3.6 – A Path for Privilege Escalation](https://blog.cobaltstrike.com/2016/12/08/cobalt-strike-3-6-a-path-for-privilege-escalation/)

- 2016.12 [threatexpress] [Slack Notifications for Cobalt Strike](http://threatexpress.com/2016/12/slack-notifications-for-cobalt-strike/)

- 2016.10 [cobaltstrike] [Cobalt Strike Tapas II](https://blog.cobaltstrike.com/2016/10/19/cobalt-strike-tapas-ii/)

- 2016.10 [cobaltstrike] [Cobalt Strike 3.5.1 – Important Security Update](https://blog.cobaltstrike.com/2016/10/03/cobalt-strike-3-5-1-important-security-update/)

- 2016.09 [cobaltstrike] [Cobalt Strike RCE. Active Exploitation Reported.](https://blog.cobaltstrike.com/2016/09/28/cobalt-strike-rce-active-exploitation-reported/)

- 2016.09 [cobaltstrike] [Cobalt Strike 3.5 – UNIX Post Exploitation](https://blog.cobaltstrike.com/2016/09/22/cobalt-strike-3-5-unix-post-exploitation/)

- 2016.09 [cobaltstrike] [Cobalt Strike Tapas](https://blog.cobaltstrike.com/2016/09/16/cobalt-strike-tapas/)

- 2016.07 [cobaltstrike] [Cobalt Strike 3.4 – Operational Details](https://blog.cobaltstrike.com/2016/07/29/cobalt-strike-3-4-operational-details/)

- 2016.07 [cobaltstrike] [HOWTO: Reset Your Cobalt Strike License Key](https://blog.cobaltstrike.com/2016/07/15/howto-reset-your-cobalt-strike-license-key/)

- 2016.06 [bluescreenofjeff] [Cobalt Strike HTTP C2 Redirectors with Apache mod_rewrite](https://bluescreenofjeff.com/2016-06-28-cobalt-strike-http-c2-redirectors-with-apache-mod_rewrite/)

- 2016.05 [freebuf] [CobaltStrike最新版完美破解方法](http://www.freebuf.com/sectool/103766.html)

- 2016.01 [evi1cg] [强化你的Cobalt strike之Cortana](https://evi1cg.me/archives/Cortana.html)

- 2015.12 [freebuf] [在Kali 2.0下安装破解最新版Cobalt Strike](http://www.freebuf.com/sectool/91144.html)

- 2015.11 [evi1cg] [Cobalt strike3.0使用手册](https://evi1cg.me/archives/Cobalt_strike.html)

- 2015.10 [tan6600] [Kali 2.0 安装 Cobalt Strike](https://blog.csdn.net/tan6600/article/details/48845771)

- 2015.09 [] [科普：一条语句破解Cobaltstrike](http://www.91ri.org/14324.html)

- 2015.08 [freebuf] [如何制作Cobalt Strike v2.5破解版](http://www.freebuf.com/sectool/76206.html)

- 2015.01 [freebuf] [自动化攻击测试平台Cobalt Strike v2.3破解版](http://www.freebuf.com/sectool/57810.html)

- 2014.09 [freebuf] [自动化攻击测试平台Cobalt Strike v2.1（破解版）](http://www.freebuf.com/sectool/44629.html)

- 2014.08 [freebuf] [自动化攻击测试平台Cobalt Strike 2.0.49破解版](http://www.freebuf.com/sectool/41031.html)

- 2014.01 [security] [Four Days with Cortana Script Engine - Cobalt Strike/Armitage](http://security-is-just-an-illusion.blogspot.com/2014/01/four-days-with-cortana-script-engine.html)

- 2013.12 [security] [Three Days with Cortana Script Engine - Cobalt Strike/Armitage](http://security-is-just-an-illusion.blogspot.com/2013/11/two-days-with-cortana-script-engine.html)

- 2013.12 [security] [Cobalt Strike Report Hosts *Mod*](http://security-is-just-an-illusion.blogspot.com/2013/12/cobalt-strike-report-hosts-mod.html)

- 2013.12 [security] [Two Days with Cortana Script Engine - Cobalt Strike/Armitage](http://security-is-just-an-illusion.blogspot.com/2013/12/two-days-with-cortana-script-engine.html)

- 2013.12 [security] [One Day with Cortana Script Engine - Cobalt Strike/Armitage](http://security-is-just-an-illusion.blogspot.com/2013/11/one-day-with-cortana-script-engine.html)

- 2013.12 [freebuf] [自动化攻击测试平台Cobalt Strike 1.48破解版](http://www.freebuf.com/sectool/18888.html)

- 2013.11 [freebuf] [关于”windows 2008如何安装Cobalt Strike”的一些想法](http://www.freebuf.com/articles/system/18180.html)

- 2013.11 [freebuf] [windows 2008如何安装Cobalt Strike](http://www.freebuf.com/articles/others-articles/18096.html)

- 2013.08 [freebuf] [Cobalt Strike Windows版破解](http://www.freebuf.com/sectool/11734.html)

- 2013.04 [freebuf] [Cobalt Strike—Armitage商业版](http://www.freebuf.com/sectool/8445.html)

- 2012.08 [toolswatch] [Blackhat USA 2012: Interview with Raphael Mudge about Armitage (Also Introducing CobaltStrike)](http://www.toolswatch.org/2012/08/blackhat-usa-2012-interview-with-raphael-mudge-about-armitage-also-introducing-cobaltstrike/)

# 贡献

内容为系统自动导出, 有任何问题请提issue