Aggressor script that gets the latest commands from CobaltStrikes web site and creates an aggressor script based on tool options.

Last update: Nov 26, 2022

Related tags

Miscellaneous opsec-aggressor

Overview

opsec-aggressor

Aggressor script that gets the latest commands from CobaltStrikes opsec page and creates an aggressor script based on tool options.

Grabs latest commands from https://www.cobaltstrike.com/help-opsec and sets block/allow based on tool input.

Options of commands to block/allow are:

API-only
House-keeping Commands
Inline Execute (BOF)
Post-Exploitation Jobs (Fork&Run)
Process Execution
Process Execution (cmd.exe)
Process Execution (powershell.exe)
Process Injection (Remote)
Process Injection (Spawn&Inject)
Service Creation

Credit

Thanks to bluescreenofjeff and _tifkin for the original opsec aggressor scripts. It was more better since it rewrote some of the dropdown options but it hasn't been updated in 4 years, much has changed since then.

Usage

usage: get_opsec.py [-h] [-c COMMANDS]

optional arguments:
  -h, --help            show this help message and exit
  -c COMMANDS, --commands COMMANDS
                        Beacon commands to enable (comma delimted) Options: API-only House-keeping bof Post-Exploitation cmd.exe powershell.exe remote spawn&inject service

Example

$ python3 get_opsec.py -c API-only,House-keeping,bof,cmd.exe | tee opsec.cna
#TTP: API-only
%commands["cd"]="true";
%commands["cp"]="true";
%commands["connect"]="true";
%commands["download"]="true";
%commands["drives"]="true";
%commands["exit"]="true";
.
.
.
#configuring the block commands
foreach $key (sorta(keys(%commands))) {
        if (%commands[$key] eq "block") {
                alias($key, {
                        berror($1,"This command's execution has been blocked. Remove the opsec profile to run the command.");
                });
        }
}

#Adding the opsec command to check the current settings
beacon_command_register("opsec", "Show the settings of the loaded opsec profile",
        "Synopsis: opsec

" .
        "Displays a list of command settings for the currently loaded opsec profile.");

alias("opsec",{
        blog($1,"The current opsec profile has the following commands set to block/block: ");
        foreach $key (sorta(keys(%commands))) {
                blog2($1,$key . " - " . %commands[$key]);
        }
});

Aggressor script that gets the latest commands from CobaltStrikes web site and creates an aggressor script based on tool options.

Related tags

Overview

opsec-aggressor

Credit

Usage

Example

Owner

JP

Odoo. Open Source Apps To Grow Your Business.

Covid-19-Trends - A project that me and my friends created as the CSC110 Final Project at UofT

Free Data Engineering course!

Calculadora-basica - Calculator with basic operators

Structured, dependable legos for Starknet development.

A software dedicated to automaticaly select the agent of your desire in Valorant

Cairo-math-64x61 - Fixed point 64.61 math library for Cairo / Starknet

Python’s bokeh, holoviews, matplotlib, plotly, seaborn package-based visualizations about COVID statistics eventually hosted as a web app on Heroku

This is the repo for Uncertainty Quantification 360 Toolkit.

HashDB Binary Ninja Plugin

Easytile blender - Simple Blender 2.83 addon for tiling meshes easily

A bot to use in a pump & dump event

Цифрова збрoя проти xуйлoвської пропаганди.

Writeup and scripts for the 2021 malwarebytes crackme

Generates images with semantic content from distribution A in the style of distribution B

Simple Python API for the Ergo Platform Explorer

The presented desktop application was made to solve 1d schrodinger eqation

A slapdash script to solve Wordle or Absurdle automatically

Allows you to purge all reply comments left by a user on a YouTube channel or video.

Visualize Data From Stray Scanner https://keke.dev/blog/2021/03/10/Stray-Scanner.html