aggressor_scripts_collection

Collection of various aggressor scripts for Cobalt Strike from awesome people. Will be sure to update this repo with credit to each person.

AVQuery.cna

Author: @r3dQu1nn Queries the registry for AV installed

All_In_One.cna

Author: @r3dQu1nn Persistence, Enumeration, Lateral Movement and Logging Aggressor Script

ArtifactPayloadGenerator.cna

Author: @r3dQu1nn Generates every type of Stageless/Staged Payload based off a HTTP/HTTPS Listener

CertUtilWebDelivery.cna

Author: @r3dQu1nn CertUtil Scripted Web Delivery (Stageless)

CheckLAdminContext.ps1

Requirement for Initial-LAdminCheck.cna

DA-Watch.cna

Author: @Bretiz Perform the same DA monitoring but using all Aggressor script to perform DA Group checks

Initial-DACheck.cna

Author: @Killswitch-GUI Currently uses a PowerShell based check, combined with an aggressor script to check for the initial agent user name. While using .NET 3.5 to perform Domain Group enumeration (PowerShell 2+ safe). This allows for alerting on Pen-Test of a DA level beacons

Initial-LAdminCheck.cna

Author: @Killswitch-GUI This script will Auto check for LocalAdmin User on intial agent

Invoke-DACheck.ps1

Author: @Killswitch-GUI Requirement for Invoke-DACheck.cna

Logger.cna

Author: @r3dQu1nn Logging script that captures all the Beacon outputs. Formats the Beacon input line to display timestamps. Use with logs.py to export all the logs for each operator.

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
Logging		Logging
Persistence		Persistence
elevate		elevate
kits		kits
AVQuery.cna		AVQuery.cna
All_In_One.cna		All_In_One.cna
ArtifactPayloadGenerator.cna		ArtifactPayloadGenerator.cna
CertUtilWebDelivery.cna		CertUtilWebDelivery.cna
CheckLAdminContext.ps1		CheckLAdminContext.ps1
DA-Watch.cna		DA-Watch.cna
Initial-DACheck.cna		Initial-DACheck.cna
Initial-LAdminCheck.cna		Initial-LAdminCheck.cna
Invoke-DACheck.ps1		Invoke-DACheck.ps1
Logger.cna		Logger.cna
PowerUp.ps1		PowerUp.ps1
README.md		README.md
apache-style-weblog-output.cna		apache-style-weblog-output.cna
av_hips_executables.txt		av_hips_executables.txt
backdoor_accounts.cna		backdoor_accounts.cna
beaconSMS.cna		beaconSMS.cna
beacon_to_empire.cna		beacon_to_empire.cna
beaconestablishednote.cna		beaconestablishednote.cna
beaconid_note.cna		beaconid_note.cna
beaconpire.cna		beaconpire.cna
bot.cna		bot.cna
checkin_jobs_context.cna		checkin_jobs_context.cna
credpocalypse.cna		credpocalypse.cna
custom_defaults.cna		custom_defaults.cna
dcom_lateral_movement.cna		dcom_lateral_movement.cna
eventlog-to-slack.cna		eventlog-to-slack.cna
forcecheckin.cna		forcecheckin.cna
guest-to-admin.cna		guest-to-admin.cna
loader.cna		loader.cna
logs.py		logs.py
lulz.cna		lulz.cna
mass-dcsync.cna		mass-dcsync.cna
mimikatz-every-30m.cna		mimikatz-every-30m.cna
mimikatz-timestamp-note-BETA.cna		mimikatz-timestamp-note-BETA.cna
misc.cna		misc.cna
persistence.cna		persistence.cna
pesistence-1.cna		pesistence-1.cna
ping_aliases.cna		ping_aliases.cna
powershell.cna		powershell.cna
powerview.ps1		powerview.ps1
save_log.cna		save_log.cna
say.cna		say.cna
service-reboot.cna		service-reboot.cna
silver-tickets.cna		silver-tickets.cna
slack-notify-beacon.cna		slack-notify-beacon.cna
slack-notify-webhit.cna		slack-notify-webhit.cna
sleeptimer.cna		sleeptimer.cna
sticky-keys.cna		sticky-keys.cna
timestamped_activitylog_export.cna		timestamped_activitylog_export.cna

tuian/aggressor_scripts_collection

Folders and files

Latest commit

History

Repository files navigation

aggressor_scripts_collection

AVQuery.cna

All_In_One.cna

ArtifactPayloadGenerator.cna

CertUtilWebDelivery.cna

CheckLAdminContext.ps1

DA-Watch.cna

Initial-DACheck.cna

Initial-LAdminCheck.cna

Invoke-DACheck.ps1

Logger.cna

About

Resources

Stars

Watchers

Forks

Languages