/cobalt_strike_extension_kit

Attempting to be an all-in-one repo for others' useful aggressor scripts as well as things we've found useful during Red Team Operations.

Primary language: PowerShell. License: GNU General Public License v3.0 (GPL-3.0).

cobalt_strike_extension_kit

Looking for an all in one for a lot of current tradecraft? Clone this.

I do not take credit for most of this work. A lot of this work was influenced by Outflank, Specter Ops (0xThirteen) Mainly, and seeing other Aggressor Script Repositories. The purpose of this was to aggregate Cobalt Strike supplements used during engagements.


For OPSec, you may want to provide your own binaries. The binaries provided may get flagged by A/V, but do work in lower maturity environments and Certification lab environments.


06/25/2020 - Added more tradecraft and made Extension Kit more workflow driven. Some items are mapped to MITRE - will expand on this in the future.

To-Do

Continue Expanding, try to implement more Offense In Depth e.g., multiple ways to do one thing.

With Offense In Depth, add items that reflect low security maturity and items that reflect higher level maturity to gauge clients. This may also be useful in purple team engagements when using various forms of tradecraft, for example Kerberoasting with PowerShell and Kerberoasting with Rubeus.

Improve MITRE mapping to items

Usage
cd /opt/
git clone https://github.com/josephkingstone/cobaltstrike_extension_kit.git
Go to Cobalt Strike's Script Manager and load csek.cna


https://github.com/GhostPack/Seatbelt
https://github.com/eladshamir/Internal-Monologue
https://github.com/djhohnstein/SharpWeb
https://github.com/BloodHoundAD/SharpHound
https://github.com/Kevin-Robertson/InveighZero
https://github.com/anthemtotheego/SharpExec
https://github.com/fireeye/SharPersist
https://github.com/rvrsh3ll/SharpCOM
https://github.com/rvrsh3ll/SharpPrinter
https://github.com/rvrsh3ll/SharpFruit
https://github.com/rvrsh3ll/SharpExcel4-DCOM
https://github.com/fireeye/ADFSDump
https://github.com/matterpreter/OffensiveCSharp
https://github.com/tevora-threat/SharpView
https://github.com/HunnicCyber/SharpDomainSpray
https://github.com/HunnicCyber/SharpSniper
https://github.com/GhostPack/SharpUp
https://github.com/GhostPack/SafetyKatz
https://github.com/GhostPack/SharpWMI
https://github.com/FSecureLABS/SharpGPOAbuse
https://github.com/GhostPack/SharpDPAPI
https://github.com/0xthirteen/CleanRunMRU
https://github.com/0xthirteen/SharpRDP
https://github.com/Pickfordmatt/SharpLocker
https://github.com/djhohnstein/SharpSearch
https://github.com/slyd0g/SharpClipboard
https://github.com/outflanknl/Zipper
https://github.com/P1CKLES/SharpBox
https://github.com/rasta-mouse/Watson


These tools are not C#, but need to be incorporated into the toolset

https://github.com/outflanknl/Spray-AD
https://github.com/outflanknl/Recon-AD
https://github.com/0x09AL/RdpThief
https://github.com/outflanknl/Ps-Tools