Aggressor script that gets the latest commands from CobaltStrikes web site and creates an aggressor script based on tool options.

Last update: Nov 26, 2022

Related tags

Miscellaneous opsec-aggressor

Overview

opsec-aggressor

Aggressor script that gets the latest commands from CobaltStrikes opsec page and creates an aggressor script based on tool options.

Grabs latest commands from https://www.cobaltstrike.com/help-opsec and sets block/allow based on tool input.

Options of commands to block/allow are:

API-only
House-keeping Commands
Inline Execute (BOF)
Post-Exploitation Jobs (Fork&Run)
Process Execution
Process Execution (cmd.exe)
Process Execution (powershell.exe)
Process Injection (Remote)
Process Injection (Spawn&Inject)
Service Creation

Credit

Thanks to bluescreenofjeff and _tifkin for the original opsec aggressor scripts. It was more better since it rewrote some of the dropdown options but it hasn't been updated in 4 years, much has changed since then.

Usage

usage: get_opsec.py [-h] [-c COMMANDS]

optional arguments:
  -h, --help            show this help message and exit
  -c COMMANDS, --commands COMMANDS
                        Beacon commands to enable (comma delimted) Options: API-only House-keeping bof Post-Exploitation cmd.exe powershell.exe remote spawn&inject service

Example

$ python3 get_opsec.py -c API-only,House-keeping,bof,cmd.exe | tee opsec.cna
#TTP: API-only
%commands["cd"]="true";
%commands["cp"]="true";
%commands["connect"]="true";
%commands["download"]="true";
%commands["drives"]="true";
%commands["exit"]="true";
.
.
.
#configuring the block commands
foreach $key (sorta(keys(%commands))) {
        if (%commands[$key] eq "block") {
                alias($key, {
                        berror($1,"This command's execution has been blocked. Remove the opsec profile to run the command.");
                });
        }
}

#Adding the opsec command to check the current settings
beacon_command_register("opsec", "Show the settings of the loaded opsec profile",
        "Synopsis: opsec

" .
        "Displays a list of command settings for the currently loaded opsec profile.");

alias("opsec",{
        blog($1,"The current opsec profile has the following commands set to block/block: ");
        foreach $key (sorta(keys(%commands))) {
                blog2($1,$key . " - " . %commands[$key]);
        }
});

Aggressor script that gets the latest commands from CobaltStrikes web site and creates an aggressor script based on tool options.

Related tags

Overview

opsec-aggressor

Credit

Usage

Example

Owner

JP

Convert Photoshop curves (acv) to xmp presets for Lightroom

Jogo em redes similar ao clássico pedra papel e tesoura

a sketch of what a zkvm could look like

Template for pre-commit hooks

IOP Support for Python (Experimental)

A free website that keeps the people informed about housing and evictions.

Ferramenta de monitoramento do risco de colapso no sistema de saúde em municípios brasileiros com a Covid-19.

Groupe du projet Python en 2TL2-4

Modern API wrapper for Genshin Impact built on asyncio and pydantic.

This program is meant to take the pain out of generating nice bash PS1 prompts.

RCCで開催する『バックエンド勉強会』の資料

This repo presents you the official code of "VISTA: Boosting 3D Object Detection via Dual Cross-VIew SpaTial Attention"

A multi purpose password managing and generating tool called Kyper.

Zeus is an open source flight intellingence tool which supports more than 13,000+ airlines and 250+ countries.

Inacap - Programa para pasar las notas de inacap a una hoja de cálculo rápidamente.

Shopify Backend Developer Intern Challenge - Summer 2022

To lazy to read your homework ? Get it done with LOL

Chemical Analysis Calculator, with full solution display.

Creates infinite amount of guilded accounts in seconds.

Model Quantization Benchmark