Cobalt Strike's ExternalC2 framework Logo

Cobalt Strike's ExternalC2 framework

1
Free
Visit Website

ExternalC2 is a specification/framework introduced by Cobalt Strike, which allows hackers to extend the default HTTP(S)/DNS/SMB C2 communication channels offered. Essentially this works by allowing the user to develop a number of components: Third-Party Controller - Responsible for creating a connection to the Cobalt Strike TeamServer, and communicating with a Third-Party Client on the target host using a custom C2 channel. Third-Party Client - Responsible for communicating with the Third-Party Controller using a custom C2 channel, and relaying commands to the SMB Beacon. SMB Beacon - The standard beacon which will be executed on the victim host. Using the diagram from CS’s documentation, we can see just how this all fits together.

FEATURES

ALTERNATIVES

Kali Linux is a specialized Linux distribution for cybersecurity professionals, focusing on penetration testing and security auditing.

A tutorial on how to use Apache mod_rewrite to randomly serve payloads in phishing attacks

Weaponize Word documents with PowerShell Empire using the Microsoft DDE exploit.

A post-exploitation tool for pentesting Active Directory

A set of YARA rules for identifying files containing sensitive information

Modern, asynchronous, multiplayer & multiserver C2/post-exploitation framework with Python 3 and .NETs DLR.

A YARA interactive debugger for the YARA language written in Rust, providing features like function calls, constant evaluation, and string matching.

Chameleon aids in evading proxy categorization to bypass internet filters.