Security operations tools for SIEM, SOAR, threat hunting, incident response, and security operations center (SOC) management.
Task: C2
Browse 39 security tools
Alpha release of External C2 framework for Cobalt Strike with enhanced data channels.
AI agent platform for automating offensive security operations and evals.
Red team toolkit for EDR evasion, initial access, and post-exploitation.
Post-exploitation threat emulation platform for red team operations.
Web-based C3ISR system for monitoring globally distributed mobile devices & assets.
Proactive threat hunting platform for detecting adversary infrastructure.
Threat emulation tool for adversary simulations and red team operations.
A specification/framework for extending default C2 communication channels in Cobalt Strike.
A covert channel technique that uses WebDAV protocol features to deliver malicious payloads and establish C2 communication while bypassing security controls.
Tool for randomizing Cobalt Strike Malleable C2 profiles to evade static, signature-based detection controls.
A tutorial on how to use Apache mod_rewrite to randomly serve payloads in phishing attacks.
Customize Empire's GET request URIs, user agent, and headers for evading detection and masquerading as other applications.
Learn how to create new Malleable C2 profiles for Cobalt Strike to avoid detection and signatured toolsets.
GHH is a honeypot tool to defend against search engine hackers using Google as a hacking tool.
A PHP-based command and control framework that maintains persistent web server access through polymorphic backdoors and HTTP header communication tunneling.
A payload creation framework for generating and executing C# code payloads with anti-evasion capabilities for offensive security operations.
A cross-platform post-exploitation HTTP/2 Command & Control framework designed specifically for testing and exploiting containerized environments including Docker and Kubernetes.
SILENTTRINITY is a Python-based, asynchronous C2 framework that uses .NET scripting languages for post-exploitation activities without relying on PowerShell.
A Python framework for building custom Command and Control interfaces that implements Cobalt Strike's External C2 specification for data transfer between frameworks.
A lightweight bash script IOC scanner for Linux/Unix/macOS systems that detects malicious indicators through hash matching, filename analysis, string searches, and C2 server identification without requiring installation.
SourcePoint generates customizable C2 profiles for Cobalt Strike servers to enhance evasion capabilities against security defenses.
SharpC2 is a C#-based Command and Control framework that provides remote access capabilities for penetration testing and red team operations.
RedWarden is a Cobalt Strike C2 reverse proxy that uses packet inspection and malleable profile correlation to evade detection by security controls during red team operations.
RedGuard is a C2 front flow control tool that helps evade detection by security systems through traffic filtering and redirection capabilities.