Aggressor script that gets the latest commands from CobaltStrikes web site and creates an aggressor script based on tool options.

Last update: Nov 26, 2022

Related tags

Miscellaneous opsec-aggressor

Overview

opsec-aggressor

Aggressor script that gets the latest commands from CobaltStrikes opsec page and creates an aggressor script based on tool options.

Grabs latest commands from https://www.cobaltstrike.com/help-opsec and sets block/allow based on tool input.

Options of commands to block/allow are:

API-only
House-keeping Commands
Inline Execute (BOF)
Post-Exploitation Jobs (Fork&Run)
Process Execution
Process Execution (cmd.exe)
Process Execution (powershell.exe)
Process Injection (Remote)
Process Injection (Spawn&Inject)
Service Creation

Credit

Thanks to bluescreenofjeff and _tifkin for the original opsec aggressor scripts. It was more better since it rewrote some of the dropdown options but it hasn't been updated in 4 years, much has changed since then.

Usage

usage: get_opsec.py [-h] [-c COMMANDS]

optional arguments:
  -h, --help            show this help message and exit
  -c COMMANDS, --commands COMMANDS
                        Beacon commands to enable (comma delimted) Options: API-only House-keeping bof Post-Exploitation cmd.exe powershell.exe remote spawn&inject service

Example

$ python3 get_opsec.py -c API-only,House-keeping,bof,cmd.exe | tee opsec.cna
#TTP: API-only
%commands["cd"]="true";
%commands["cp"]="true";
%commands["connect"]="true";
%commands["download"]="true";
%commands["drives"]="true";
%commands["exit"]="true";
.
.
.
#configuring the block commands
foreach $key (sorta(keys(%commands))) {
        if (%commands[$key] eq "block") {
                alias($key, {
                        berror($1,"This command's execution has been blocked. Remove the opsec profile to run the command.");
                });
        }
}

#Adding the opsec command to check the current settings
beacon_command_register("opsec", "Show the settings of the loaded opsec profile",
        "Synopsis: opsec

" .
        "Displays a list of command settings for the currently loaded opsec profile.");

alias("opsec",{
        blog($1,"The current opsec profile has the following commands set to block/block: ");
        foreach $key (sorta(keys(%commands))) {
                blog2($1,$key . " - " . %commands[$key]);
        }
});

Aggressor script that gets the latest commands from CobaltStrikes web site and creates an aggressor script based on tool options.

Related tags

Overview

opsec-aggressor

Credit

Usage

Example

Owner

JP

One-stop-shop for docs and test coverage of dbt projects.

Bootstraparse is a personal project started with a specific goal in mind: creating static html pages for direct display from a markdown-like file

Jarvis Python BOT acts like Google-assistance

Simple project to learn more about Bézier curves

Ferramenta de monitoramento do risco de colapso no sistema de saúde em municípios brasileiros com a Covid-19.

A simple way to read and write LAPS passwords from linux.

Validate UC alumni identifier numbers with Python 3.

An advanced pencil sketch generator

A test repository to build a python package and publish the package to Artifact Registry using GCB

Simple Python tool to check if there is an Office 365 instance linked to a domain.

El Niño - Southern Oscillation analysis compared to minimum flow rates of rivers in northeast Brazil

A feed generator. Currently supports generating RSS feeds from Google, Bing, and Yahoo news.

Python programming language Test

NasaApod - Astronomy Picture of the Day

A simple script that can watch a list of directories for change and does some action

My solution for a MARL problem on a Grid Environment with Q-tables.

Check a discord message and give it a percentage of scamminess

List Less Than Ten with python

Anonfiles files leaker via keyword.

Have an idea for a Python package? Register the name on PyPI 💡