This project is intended to serve as reference when designing Cobalt Strike Malleable C2 profiles.
Always verify your profile with ./c2lint [/path/to/my.profile] prior to use!
The following dive deeper into the understanding of Malleable C2
- MalleableExplained.md : Quick profile reference guide
- ThreatExpress - A Deep Dive into Cobalt Strike Malleable C2 : Orignal blog post the where the jquery reference profile was created
- Understanding Cobalt Strike Profiles : Revised (current) blog on profile guidance
- Random Profile Generator : Profile generator with more examples and options for settings
- Added 4.6 refernce profile
- No more '1MB' limit
- Add section "Task and Proxy Max Size" with new options
- set tasks_max_size "1048576";
- set tasks_proxy_max_size "921600";
- set tasks_dns_proxy_max_size "71680";
- Additional Considerations for the 'task_' Settings
- Add section "Task and Proxy Max Size" with new options
- Updated MalleableExplained.md with 4.6 considerations
- Added 4.5 reference profile
- Updated MalleableExplained.md with 4.5 considerations
202108 - Added MalleableExplained.md
- Reference from Andy Gill (@ZephrFish)
- Reference blog: https://blog.zsec.uk/cobalt-strike-profiles/
- Add latest Malleable C2 profile options for Cobalt Strike 4.3
- Moved dns settings to new
dns-beaconsection - 4.3 Additions
- dns-beacon
- beacon
- get_A
- get_AAAA
- get_TXT
- put_metadata
- put_output
- ns_response
- http-config
- block_useragents
- dns-beacon
- Add latest MalleablePE and MalleableC2 options for Cobalt Strike 4.1 and 4.2
- 4.1 Additions:
tcp_frame_header,smb_frame_header,ssh_banner - 4.2 Additions:
- global
data_jitterheaders_removessh_pipename
- postex
pipenamethread_hintkeylogger
- stage
allocatormagic_mz_86|magic_mz_64magic_pe
- global
- Add CS4.0 reference profile of available malleable C2 options
- Remove deprecated features (
amsi_disable,disablefor process injection techniques, etc)
- @joevest
- @001SPARTaN
- @andrewchiles
This project and all individual scripts are under the GNU GPL v3.0 license.