Cobalt Strike Malleable C2 Design and Reference Guide

Malleable C2 is a domain specific language to redefine indicators in Beacon's communication. This repository is a collection of Malleable C2 profiles that you may use. These profiles work with Cobalt Strike 3.x.

C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.

Cobalt Strike C2 Reverse proxy that fends off Blue Teams, AVs, EDRs, scanners through packet inspection and malleable profile correlation

Cobalt Strike - Malleable C2 Profiles. A collection of profiles used in different projects using Cobalt Strike https://www.cobaltstrike.com/.

Aggressor Script, Kits, Malleable C2 Profiles, External C2 and so on

A script to randomize Cobalt Strike Malleable C2 profiles and reduce the chances of flagging signature-based detection controls

Quick python utility I wrote to turn HTTP requests from burp suite into Cobalt Strike Malleable C2 profiles

Malleable C2 Profiles. A collection of profiles used in different projects using Cobalt Strike & Empire.

Burp插件，Malleable C2 Profiles生成器；可以通过Burp代理选中请求，生成Cobalt Strike的profile文件(CSprofile)

Python interpreter for Cobalt Strike Malleable C2 Profiles. Allows you to parse, build and modify them programmatically.

Resources About Cobalt Strike. 100+ Tools And 200+ Posts.

AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.

Python script for automating the creation of serverless cloud redirectors from Cobalt Strike malleable C2 profiles

Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles

Open Source Implementation of Cobalt Strike's Malleable C2

Red Team Arsenal - a comprehensive collection of tools, scripts, and techniques for conducting red team operations and adversary simulations, including custom beacons, malleable C2 profiles, aggressor scripts, advanced payload generation methods, as well as other evasion tools, tailored for red team operations and security research.

Malleable C2 profiles for Cobalt Strike

🔎🪲 Malleable C2 profiles parser and assembler written in golang

Parses Cobalt Strike malleable C2 profiles.

🗡️ A multi-user malleable C2 framework targeting Windows. Written in C++ and Python

A collection of Cobalt Strike Malleable C2 profiles

A Flask-based HTTP(S) command and control (C2) with a web frontend. Malleable agent written in Go.

Tyche is a Mythic HTTPX Profile Generator used to create Malleable C2 Profiles.

A collection of Malleable C2 profiles that work with Cobalt Strike 3.x.

Go-based C2 server inspired by Cobalt Strike; seamless agent control, web UI, and Malleable Profile support. Fast, extensible, and secure for red-team ops. 🐙

A library to parse, modify, and implement Malleable C2 profiles

Automatically parse Malleable C2 profiled into CrossC2 rebinding library source code

Create Cobalt Strike malleable C2 profiles with HTTPS configs

havoc2nginx is a simple python script that converts Havoc Framework's yaotl malleable c2 profile to Nginx configuration file format. Most of the code and the configuration of this project came from the cs2modrewrite project (https://github.com/threatexpress/cs2modrewrite) from Joe Vest and Andrew Chiles. All credits to them.