Cobalt Strike's ExternalC2 framework Logo

Cobalt Strike's ExternalC2 framework

1
Free
1 saves
Updated 11 March 2025
Offensive Security
C2
Cobalt Strike
External C2
Framework
Hacking Tool
Pentest
Visit Website

ExternalC2 is a specification/framework introduced by Cobalt Strike, which allows hackers to extend the default HTTP(S)/DNS/SMB C2 communication channels offered. Essentially this works by allowing the user to develop a number of components: Third-Party Controller - Responsible for creating a connection to the Cobalt Strike TeamServer, and communicating with a Third-Party Client on the target host using a custom C2 channel. Third-Party Client - Responsible for communicating with the Third-Party Controller using a custom C2 channel, and relaying commands to the SMB Beacon. SMB Beacon - The standard beacon which will be executed on the victim host. Using the diagram from CS’s documentation, we can see just how this all fits together.

FEATURES

EXPLORE BY TAGS

C2

Cobalt Strike

External C2

Framework

Hacking Tool

Pentest

SIMILAR TOOLS

JSShell Logo
JSShell

An interactive multi-user web JS shell

Free
Offensive Security
Red Team Automation (RTA) Logo
Red Team Automation (RTA)

RTA provides a framework of scripts for blue teams to test detection capabilities against malicious tradecraft, modeled after MITRE ATT&CK.

Free
Offensive Security
GEF (pronounced ʤɛf - 'Jeff') Logo
GEF (pronounced ʤɛf - 'Jeff')

A set of commands for exploit developers and reverse-engineers to enhance GDB functionality.

Free
Offensive Security
Social Engineering Attacks Logo
Social Engineering Attacks

A reminder that technology alone is not enough to stay secure against social engineering tactics.

Free
Offensive Security
Basic Linux Privilege Escalation - g0tmi1k RSS BlogArchives Logo
Basic Linux Privilege Escalation - g0tmi1k RSS BlogArchives

A guide on basic Linux privilege escalation techniques including enumeration, data analysis, exploit customization, and trial and error.

Free
Offensive Security
OWASP Amass Logo
OWASP Amass

Performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.

Free
Offensive Security
Abusing DCOM For Yet Another Lateral Movement Technique Logo
Abusing DCOM For Yet Another Lateral Movement Technique

An exploration of a new method to abuse DCOM for remote payload execution and lateral movement.

Free
Offensive Security
Stratus Red Team Logo
Stratus Red Team

Emulate offensive attack techniques in the cloud with a self-contained Go binary.

Free
Offensive Security
Projectdiscovery.io | Chaos Logo
Projectdiscovery.io | Chaos

A powerful enumeration tool for discovering assets and subdomains.

Free
Offensive Security

PINNED

Mandos Logo

Mandos

Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.

Consulting
Checkmarx SCA Logo

Checkmarx SCA

A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Application Security
Orca Security Logo

Orca Security

A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

Cloud Security
DryRun Logo

DryRun

A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.

Application Security
CyberSecTools logoCyberSecTools

Explore the largest curated directory of cybersecurity tools and resources to enhance your security practices. Find the right solution for your domain.

Operated by:

Mandos Cyber • KVK: 97994448

Netherlands • contact@mandos.io

VAT: NL005301434B12

Copyright © 2025 - All rights reserved

LINKS
BlogContact
LEGAL
Terms of servicesPrivacy policy