Cobalt Strike's ExternalC2 framework Logo

Cobalt Strike's ExternalC2 framework

1
Free
Visit Website

ExternalC2 is a specification/framework introduced by Cobalt Strike, which allows hackers to extend the default HTTP(S)/DNS/SMB C2 communication channels offered. Essentially this works by allowing the user to develop a number of components: Third-Party Controller - Responsible for creating a connection to the Cobalt Strike TeamServer, and communicating with a Third-Party Client on the target host using a custom C2 channel. Third-Party Client - Responsible for communicating with the Third-Party Controller using a custom C2 channel, and relaying commands to the SMB Beacon. SMB Beacon - The standard beacon which will be executed on the victim host. Using the diagram from CS’s documentation, we can see just how this all fits together.

FEATURES

ALTERNATIVES

A DNS rebinding exploitation framework

A standalone man-in-the-middle attack framework used for phishing login credentials and bypassing 2-factor authentication.

A C/C++ tool for remote process injection, supporting x64 and x86 operations, with system call macros generated by SysWhispers script.

A tool for mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing

GNU/Linux Wireless distribution for security testing with XFCE desktop environment.

An open-source intelligence collection, research, and artifact management tool inspired by SpiderFoot, Harpoon, and DataSploit.

Comprehensive tutorial on modern exploitation techniques with a focus on understanding exploitation from scratch.

Pacu is an open-source AWS exploitation framework for offensive security testing against cloud environments.