Aggressor script that gets the latest commands from CobaltStrikes web site and creates an aggressor script based on tool options.

Last update: Nov 26, 2022

Related tags

Miscellaneous opsec-aggressor

Overview

opsec-aggressor

Aggressor script that gets the latest commands from CobaltStrikes opsec page and creates an aggressor script based on tool options.

Grabs latest commands from https://www.cobaltstrike.com/help-opsec and sets block/allow based on tool input.

Options of commands to block/allow are:

API-only
House-keeping Commands
Inline Execute (BOF)
Post-Exploitation Jobs (Fork&Run)
Process Execution
Process Execution (cmd.exe)
Process Execution (powershell.exe)
Process Injection (Remote)
Process Injection (Spawn&Inject)
Service Creation

Credit

Thanks to bluescreenofjeff and _tifkin for the original opsec aggressor scripts. It was more better since it rewrote some of the dropdown options but it hasn't been updated in 4 years, much has changed since then.

Usage

usage: get_opsec.py [-h] [-c COMMANDS]

optional arguments:
  -h, --help            show this help message and exit
  -c COMMANDS, --commands COMMANDS
                        Beacon commands to enable (comma delimted) Options: API-only House-keeping bof Post-Exploitation cmd.exe powershell.exe remote spawn&inject service

Example

$ python3 get_opsec.py -c API-only,House-keeping,bof,cmd.exe | tee opsec.cna
#TTP: API-only
%commands["cd"]="true";
%commands["cp"]="true";
%commands["connect"]="true";
%commands["download"]="true";
%commands["drives"]="true";
%commands["exit"]="true";
.
.
.
#configuring the block commands
foreach $key (sorta(keys(%commands))) {
        if (%commands[$key] eq "block") {
                alias($key, {
                        berror($1,"This command's execution has been blocked. Remove the opsec profile to run the command.");
                });
        }
}

#Adding the opsec command to check the current settings
beacon_command_register("opsec", "Show the settings of the loaded opsec profile",
        "Synopsis: opsec

" .
        "Displays a list of command settings for the currently loaded opsec profile.");

alias("opsec",{
        blog($1,"The current opsec profile has the following commands set to block/block: ");
        foreach $key (sorta(keys(%commands))) {
                blog2($1,$key . " - " . %commands[$key]);
        }
});

Aggressor script that gets the latest commands from CobaltStrikes web site and creates an aggressor script based on tool options.

Related tags

Overview

opsec-aggressor

Credit

Usage

Example

Owner

JP

JHBuild is a tool designed to ease building collections of source packages, called “modules”.

A code base for python programs the goal is to integrate all the useful and essential functions

Automatic and platform-independent unpacker for Windows binaries based on emulation

This is a Python 3.10 port of mock, a library for manipulating human-readable message strings.

Library to emulate the Sneakers movie effect

🦋 hundun is a python library for the exploration of chaos.

A Klipper plugin for accurate Z homing

Security-related flags and options for C compilers

Dev-meme - A repository that contains memes just for people like us

Draw random mazes in python

Something like Asteroids but not really, done in CircuitPython

Introduction to Databases Coursework 2 (SQL) - dataset generator

That is a example of a Book app on Python, made with support of all JS libraries on React framework

A tool for RaceRoom Racing Experience which shows you launch data

This is a pretty basic but relatively nice looking Python Pomodoro Timer.

tg-nearby Trilateration of nearby Telegram users as described in my corresponding article.

An easy python calculator for those who want's to know how if statements, loops, and imports works give it a try!

Buffer Overflows

Wordless - the #1 app for helping you cheat at Wordle, which is sure to make you popular at parties

Python Monopoly Simulator