C2

Silent Push Platform provides preemptive cyber defense by identifying malicious infrastructure before attacks are launched using Indicators of Future Attack (IOFA)™ technology.

A threat intelligence service providing actionable IoCs and security data feeds to help organizations detect, block, and respond to cyber threats.

C3 is a framework by WithSecureLabs for rapid prototyping of custom command and control channels that integrates with existing offensive security toolkits.

A company that helps organizations create security-aware teams and produce bug-free software.

Advanced command and control tool for red teaming and adversary simulation with extensive features and evasion capabilities.

Tool for randomizing Cobalt Strike Malleable C2 profiles to evade static, signature-based detection controls.

A project that detects malicious SSL connections by identifying and blacklisting SSL certificates used by botnet C&C servers and identifying JA3 fingerprints to detect and block malware botnet C&C communication.

A specification/framework for extending default C2 communication channels in Cobalt Strike

PyBOF is a Python library that enables in-memory loading and execution of Beacon Object Files (BOFs) with support for argument passing and function targeting.

A Python framework for building custom Command and Control interfaces that implements Cobalt Strike's External C2 specification for data transfer between frameworks.

A cross-platform HTTP/2 Command & Control framework written in Golang for post-exploitation activities and remote system management.

Alpha release of External C2 framework for Cobalt Strike with enhanced data channels.

A comprehensive guide for customizing Cobalt Strike's C2 profiles to enhance stealth and operational security.

Shadow Workers is an open source C2 framework and proxy tool for penetration testers to exploit XSS vulnerabilities and malicious Service Workers.

SourcePoint generates customizable C2 profiles for Cobalt Strike servers to enhance evasion capabilities against security defenses.

A lightweight Command and Control (C2) implant written in Nim that provides remote access capabilities for penetration testing and red team operations.

A covert channel technique that uses WebDAV protocol features to deliver malicious payloads and establish C2 communication while bypassing security controls.

A COM Command & Control framework that uses JScript to provide fileless remote access capabilities on Windows systems through a modular plugin architecture.

Havoc is a malleable post-exploitation command and control framework that provides a client-server architecture with payload generation, customizable C2 profiles, and team collaboration capabilities for red team operations.

A cross-platform post-exploitation HTTP/2 Command & Control framework designed specifically for testing and exploiting containerized environments including Docker and Kubernetes.

Using Apache mod_rewrite as a redirector to filter C2 traffic for Cobalt Strike servers.

SharpC2 is a C#-based Command and Control framework that provides remote access capabilities for penetration testing and red team operations.

Covenant is a collaborative .NET command and control framework designed for red team operations and offensive security engagements.

A lightweight bash script IOC scanner for Linux/Unix/macOS systems that detects malicious indicators through hash matching, filename analysis, string searches, and C2 server identification without requiring installation.