Malleable Command and Control (C2) profiles provide red teamers and penetration testers with a wealth of options to modify how Cobalt Strike both appears on the wire and on the compromised host. Malleable C2 can be used to impersonate actual threat actors or normal web traffic. As with every advancement in offensive tradecraft, blue teams and defensive products are bound to implement static signature-based protections. In my opinion, a defender should use any resources available, including signature-based detections; however, they shouldn’t rely on any one defensive technique. As red teamers, it’s our job to exercise the blue team’s controls and processes and this is precisely what Malleable C2 profiles permit us to exercise. In this blog post, I’ll detail a script I wrote to randomize Malleable C2 profiles, allowing us to customize the same profile template every time we use it and hopefully reduce the chances of flagging static, signature-based detection controls. The script is available here. The Script The script randomizes Cobalt Strike Malleable C2 profiles through the use of a metalanguage, replacing keywords with random, pre-configured strings. In short, the script parses the provided template, substitutes the variables for a random value from either a provided or b
Generate a variety of suspect actions detected by Falco rulesets.
An image with commonly used tools for creating a pentest environment easily and quickly, with detailed instructions for launching in a VPS.
C3 is a framework for creating custom C2 channels, integrating with existing offensive toolkits.
A reconnaissance tool that retrieves information from Office 365 and Azure Active Directory using a valid credential.
MiniCPS is a framework for Cyber-Physical Systems real-time simulation with support for physical process and control devices simulation, and network emulation.
A modern post-exploitation command and control framework with a client-server architecture and extensibility features.
Modlishka is a reverse proxy tool for intercepting and manipulating HTTP traffic, ideal for penetration testers, security researchers, and developers to analyze and test web applications.
A black-box obfuscation tool for Android apps with Android App Bundle support.
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.