v1.0.0 #40
yunzheng
announced in
Announcements
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
This release mainly introduces support for parsing and decrypting Cobalt Strike C2 traffic from PCAP files and also adds Beacon Client support which allows you to connect to a Cobalt Strike Team Server and receive tasks and send back data like a real Beacon.
See also these new tutorials on how to use it:
Many thanks to @sud0woodo for laying the groundwork for these features!
What's Changed
BeaconConfig: public_key, port, jitter, sleeptime, submit_uri AddBeaconConfig.public_keyproperty #22 Add support for beacon client and decrypting traffic from PCAP files #25netbios_encodeandnetbios_decodefunctions to utils.py Addnetbios_encodeandnetbios_decodefunctions to utils.py #23scripts/artifact.pyto it's ownbeacon-artifactCLI tool Movescripts/artifact.pyto it's ownbeacon-artifactCLI tool #37extrasflavours tosetup.pyAdd support for beacon client and decrypting traffic from PCAP files #25dissect.cobaltstrike[c2]- for if you want to communicate with Cobalt Strike Team Serversdissect.cobaltstrike[pcap]- for if you want to parse and decrypt PCAPs containing Beacon trafficdissect.cobaltstrike[full]- all of the above but also installsrichfor prettier log outputDocumentation
docs/requirements.txtand use pip method for building readthedocs Get rid of docs/requirements.txt and use pip method for readthedocs #28 Fix readthedocs #29scripts/*.pyto it's own scripts section in documentation.beacon-artifactfor dumping beacons created with ArtifactKitbeacon-clientfor connecting to a Cobalt Strike Team Server as a beacon clientbeacon-pcapfor parsing and decrypting Cobalt Strike C2 traffic in PCAP filesFull Changelog: v0.2.2...v1.0.0
This discussion was created from the release v1.0.0.
Beta Was this translation helpful? Give feedback.
All reactions