Aggrokatz is an Aggressor plugin extension for Cobalt Strike that lets pypykatz interface with beacons remotely. It parses LSASS dump files and registry hive files to extract stored credentials and other secrets, without downloading the file and without uploading any suspicious code to the beacon.
☆156 · Apr 27, 2021 · Updated 4 years ago
Alternatives and similar repositories for aggrokatz
Users that are interested in aggrokatz are comparing it to the libraries listed below
- A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF. ☆143 · Sep 24, 2021 · Updated 4 years ago
- Python interpreter for Cobalt Strike Malleable C2 Profiles. Allows you to parse, build and modify them programmatically. ☆285 · Oct 29, 2024 · Updated last year
- Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that b… ☆244 · Jul 14, 2021 · Updated 4 years ago
- A BOF.NET program to split a file into smaller chunks and email it via a specified SMTP relay. ☆15 · Jun 24, 2021 · Updated 4 years ago
- ☆101 · Aug 23, 2021 · Updated 4 years ago
- Cobalt Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes payload. Built to evade EDR/UserLand hooks b… ☆469 · Mar 8, 2023 · Updated 3 years ago
- Remove API hooks from a Beacon process. ☆282 · Sep 18, 2021 · Updated 4 years ago
- A beacon generator using Cobalt Strike and a variety of tools. ☆448 · Aug 10, 2021 · Updated 4 years ago
- Section Mapping Process Injection (secinject): Cobalt Strike BOF ☆103 · Jan 7, 2022 · Updated 4 years ago
- Aggressor script that lists available Cobalt Strike beacon commands and colors them based on their type ☆211 · Mar 18, 2024 · Updated 2 years ago
- Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2 ☆186 · Jul 21, 2022 · Updated 3 years ago
- DLL Hijack Search Order Enumeration BOF ☆149 · Nov 3, 2021 · Updated 4 years ago
- Cobalt Strike BOF for quser.exe implementation using Windows API ☆87 · Mar 22, 2023 · Updated 3 years ago
- This aggressor script uses a beacon's note field to indicate the health status of a beacon. ☆141 · Sep 29, 2021 · Updated 4 years ago
- (kinda) Malicious Outlook Reader ☆138 · Mar 3, 2021 · Updated 5 years ago
- Cobalt Strike Beacon Object Files ☆167 · May 2, 2022 · Updated 3 years ago
- Collection of beacon BOF written to learn windows and cobaltstrike ☆362 · Feb 24, 2023 · Updated 3 years ago
- Vampire is an aggressor script which integrates with BloodHound to mark nodes as owned. ☆79 · Apr 6, 2021 · Updated 4 years ago
- Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that b… ☆220 · Jul 14, 2021 · Updated 4 years ago
- Project to enumerate proxy configurations and generate shellcode from CobaltStrike ☆140 · Nov 4, 2020 · Updated 5 years ago
- Cobalt Strike BOF - Bypass AMSI in a remote process with code injection. ☆382 · Mar 8, 2023 · Updated 3 years ago
- AutoStart teamserver and listeners with services ☆75 · Dec 23, 2021 · Updated 4 years ago
- An interactive command prompt for red teaming and pentesting. Automatically pushes commands through SOCKS4/5 proxies via proxychains. Opt… ☆221 · Aug 23, 2022 · Updated 3 years ago
- A tool to escalate privileges in an active directory network by coercing authentication from machine accounts and relaying to the certifica… ☆867 · Mar 20, 2023 · Updated 3 years ago
- ☆121 · Jun 17, 2022 · Updated 3 years ago
- C# .Net 5.0 project to build BOF (Beacon Object Files) in mass ☆25 · Jul 25, 2023 · Updated 2 years ago
- EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state, inject shellcode, hijack main thread with APC, and e… ☆290 · Mar 8, 2023 · Updated 3 years ago
- A .NET Runtime for Cobalt Strike's Beacon Object Files ☆772 · Sep 4, 2024 · Updated last year
- Self-developed tools for Lateral Movement/Code Execution ☆719 · Aug 17, 2021 · Updated 4 years ago
- ☆94 · May 14, 2022 · Updated 3 years ago
- A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or pro… ☆275 · May 3, 2023 · Updated 2 years ago
- Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes ☆107 · Mar 8, 2023 · Updated 3 years ago
- A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching. ☆220 · May 3, 2023 · Updated 2 years ago
- New UAC bypass for Silent Cleanup for CobaltStrike ☆191 · Jul 14, 2021 · Updated 4 years ago
- SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion. ☆1,199 · Apr 16, 2025 · Updated 11 months ago
- Cobalt Strike script for ScareCrow payloads integration (EDR/AV evasion) ☆463 · Jul 15, 2022 · Updated 3 years ago
- A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors. ☆297 · Aug 18, 2023 · Updated 2 years ago
- My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+ ☆1,097 · Apr 19, 2023 · Updated 2 years ago
- Cobalt Strike C2 Reverse proxy that fends off Blue Teams, AVs, EDRs, scanners through packet inspection and malleable profile correlation ☆991 · Oct 7, 2022 · Updated 3 years ago