Cobalt Strike HTTP C2 Redirectors with Apache mod_rewrite
Imagine you are performing a Red Team engagement and want to reduce the risk of being caught by using a redirector host to filter C2 traffic to your Cobalt Strike server and redirect all other traffic to an innocuous website. One way to achieve this is by setting up an Apache redirector as an intermediary server, allowing your C2 domain to point at it for traffic filtering. This setup provides the benefit of being able to change the redirector's IP and domain if your main server is compromised.
FEATURES
ALTERNATIVES
Wfuzz is a tool designed for bruteforcing Web Applications with multiple features like multiple injection points, recursion, and payload combinations.
A collection of Python scripts for password spraying attacks against Lync/S4B & OWA, featuring Atomizer, Vaporizer, Aerosol, and Spindrift tools.
A scripting engine for interacting with GraphQL endpoints for pentesting purposes.
A collection of precompiled Windows exploits for privilege escalation.
APT Simulator is a tool for simulating a compromised system on Windows.
A macOS Initial Access Payload Generator for penetration testing and red teaming exercises.
Caldera is a cybersecurity framework by MITRE for automated security assessments and adversary emulation.
PINNED
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.