REDMED-X
63c2e40ed0
Update README.md
|
před 2 roky | |
|---|---|---|
| KIT | před 2 roky | |
| LICENSE | před 2 roky | |
| README.md | před 2 roky |
README.md
OperatorsKit
This repository contains a collection of tools that integrate with Cobalt Strike through Beacon Object Files (BOF).
Kit content
The following tools are currently in the operators' kit:
| Name | Decription |
|---|---|
| BlindEventlog | Blind Eventlog by suspending its threads. |
| FindDotnet | Find processes that most likely have .NET loaded. |
| FindHandle | Find "process" and "thread" handle types between processes. |
| FindLib | Find loaded module(s) in remote process(es). |
| FindRWX | Find RWX memory regions in a target process. |
| FindSysmon | Verify if Sysmon is running through enumerating Minifilter drivers and checking the registry. |
| LoadLib | Load a on disk present DLL via RtlRemoteCall API in a remote process. |
| PSremote | List all running processes on a remote host. |
| SilenceSysmon | Silence the Sysmon service by patching its capability to write ETW events to the log. |
Usage
Each individual tool has its own README file with usage and compile information.
Credits
A round of virtual applause to reenz0h. Lots of tools in this kit are based on his code examples and ideas from the Malware Development and Windows Evasion courses. I highly recommend taking them!
Furthermore, some code from the C2-Tool-Collection project is copied to neatly print beacon output.