Search the Community
Showing results for tags 'beacon'.
-
geacon_pro is an Anti-Virus bypassing CobaltStrike Beacon written in Golang based on the geacon project. geacon_pro supports CobaltStrike version 4.1+ geacon_pro has implemented most functions of Beacon. The core of bypassing Anti-Virus can be reflected in three aspects: There is no CobaltStrike Beacon feature. Viruses written in Golang can bypass the detection of antivirus software to a certain extent. Some dangerous functions which can be easily detected by antivirus software has been changed to more stealthy implementations. Functions Windows platform: sleep, shell, upload, download, exit, cd, pwd, file_browse, ps, kill, getuid, mkdir, rm, cp, mv, run, execute, drives, powershell-import, powershell, execute-assembly, Multiple thread injection methods (you can replace the source code yourself), inject, shinject, dllinject, pipe, Various CobaltStrike native reflection dll injection (mimikatz, portscan, screenshot, keylogger, etc.), steal_token, rev2self, make_token, getprivs, proxy, delete self, timestomp, etc. Supports reflectiveDll, execute-assembly, powershell, powerpick, upload and execute, and other functions of cna custom plugins. Linux, Mac platform: sleep, shell, upload, download, exit, cd, pwd, file_browse, ps, kill, getuid, mkdir, rm, cp, mv, delete self, etc. Process management and file management support graphical interaction. [hide][Hidden Content]]
-
- 1
-
- geacon_pro:
- cross-platform
-
(and 4 more)
Tagged with:
-
Beaconator Beaconator is an aggressor script for Cobalt Strike used to generate a raw stageless shellcode and packing the generated shellcode using PEzor. Changelog v1.1 Fixed error check with the use of x86 arch & syscalls Fixed the “null value error” due to missing output folder Fixed issue with options persisting to subsequent payload generations Added PEzor’s BOF format Added the -cleanup option for BOFs Added the -sleep option Added more error checks Cleaned up the code [hide][Hidden Content]]
-
- 2
-
- beaconator
- v1.1
- (and 7 more)
-
1 ) DCOM Lateral Movement A quick PoC that uses DCOM (ShellWindows) via beacon object files for lateral movement. You can either specify credentials or use the current user. To use the current user, just leave the domain, username, and password empty. A short article can be about using COM objects in C can be found here. 2 ) WMI Lateral Movement – Win32_Process Create Similar concepts to the previous one, but an interesting learning experience. Code adopted from CIA Vault 8. This method uses the class Win32_Process. 3 ) WMI Lateral Movement – Event Subscription This one uses WMI events for lateral movement. Most of the heavy lifting was done by wumb0in 4 ) On-demand C2 This is an implementation of an on-demand C2 using dotnet BOF. The beacon will enter a sleep state until an email with a given word (in subject or body) is provided. This way your beacon will only call home ONLY when you want it to call home. When the beacon calls home, it will call home with whatever sleep time configured in the malleable profile. When you are done, you can run the BOF again, and the beacon will sleep until you send another email. As an extra, the email with the given word will be deleted before the user gets notified about it. [hide][Hidden Content]]
-
- 1
-
- cobaltstrike
- bof:
-
(and 3 more)
Tagged with:
-
Using Go to implement CobaltStrike’s Beacon This project is for learning protocol analysis and reverse engineering only, if someone’s rights have been violated, please contact me to remove the project, and the last DO NOT USE IT ILLEGALLY [hide][Hidden Content]]