This release mainly introduces support for parsing and decrypting Cobalt Strike C2 traffic from PCAP files and also adds Beacon Client support which allows you to connect to a Cobalt Strike Team Server and receive tasks and send back data like a real Beacon.
See also these new tutorials on how to use it:
Many thanks to @sud0woodo for laying the groundwork for these features!
What's Changed
- `BeaconConfig`: public_key, port, jitter, sleeptime, submit_uri (Add `BeaconConfig.public_key` property #22; Add support for beacon client and decrypting traffic from PCAP files #25)
- Add `netbios_encode` and `netbios_decode` functions to utils.py (#23)
- Move `scripts/artifact.py` to its own `beacon-artifact` CLI tool (#37)
- Add `extras` flavours to `setup.py` (Add support for beacon client and decrypting traffic from PCAP files #25):
  - `dissect.cobaltstrike[c2]` - for if you want to communicate with Cobalt Strike Team Servers
  - `dissect.cobaltstrike[pcap]` - for if you want to parse and decrypt PCAPs containing Beacon traffic
  - `dissect.cobaltstrike[full]` - all of the above but also installs `rich` for prettier log output

Documentation
- Get rid of `docs/requirements.txt` and use pip method for building readthedocs (#28; Fix readthedocs #29)
- Move `scripts/*.py` to its own scripts section in documentation.
  - `beacon-artifact` for dumping beacons created with ArtifactKit
  - `beacon-client` for connecting to a Cobalt Strike Team Server as a beacon client
  - `beacon-pcap` for parsing and decrypting Cobalt Strike C2 traffic in PCAP files

Full Changelog: v0.2.2...v1.0.0
This discussion was created from the release v1.0.0.