Cobalt Strike's ExternalC2 framework

Free
ExternalC2 is a specification/framework introduced by Cobalt Strike, which allows hackers to extend the default HTTP(S)/DNS/SMB C2 communication channels offered. Essentially this works by allowing the user to develop a number of components:

Third-Party Controller - Responsible for creating a connection to the Cobalt Strike TeamServer, and communicating with a Third-Party Client on the target host using a custom C2 channel.

Third-Party Client - Responsible for communicating with the Third-Party Controller using a custom C2 channel, and relaying commands to the SMB Beacon.

SMB Beacon - The standard beacon which will be executed on the victim host.

Using the diagram from CS’s documentation, we can see just how this all fits together.

ALTERNATIVES

A Python library for exploiting race conditions in web apps

A set of YARA rules for identifying files containing sensitive information

A fuzzing framework for Android that creates corrupt media files to identify potential vulnerabilities

A set of commands for exploit developers and reverse-engineers to enhance GDB functionality.

A blog post discussing the often overlooked dangers of CSV injection in applications.

Phrack Magazine is a digital magazine that focuses on computer security and hacking, featuring articles, interviews, and tutorials on various topics related to computer security.

Interactive online malware sandbox for real-time analysis and threat intelligence

A lightweight and portable Docker container for penetration testers and CTF players
