Stars
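This is a modern, high-performance, cross-platform C2 architecture system. The implant is written in Rust, the server in Go, with an extremely lightweight Vue 3 UI. It deeply integrates the MCP protocol, opening a new chapter in AI-automated attack and defense.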
A flexible, AI powered C2 framework built with operators in mind
Cobalt Strike UDC2 implementation that provides a Slack C2 channel
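Amid the wave of digitalization, phishing attacks have become one of the main threats to enterprise network security. Phishing techniques such as spoofed web pages and malicious emails keep emerging, and once an employee falls for one, the consequences can be serious: leakage of core enterprise data, system paralysis, financial loss. Against this background, the Apollo Security Risk Drill Platform (ApolloFish) was created. With "raising security awareness through hands-on drills" as its core goal, the platform simulates realistic web phishing and email phishing scenarios to help enterprises accurately test employees' security defenses, systematically strengthen security awareness across all staff, and fortify enterprise network security…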
Sophisticated In-Memory PE loader for Cobalt Strike
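This is a free remote access trojan: the project's interface is entirely in English, and it implements remote desktop, camera monitoring, voice listening, file management, chat, proxy, keylogging and process management. The remote desktop module is based on DXGI and H264; the screen display is very smooth, and it supports switching monitors, adjusting resolution and remote control. The project code is for learning and exchange purposes only.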
A WebGui Management tool for CS-EXTC2-* (Cobalt Strike External C2) Protocols. Simplifies the compilation & running of controllers, and payloads.
Bypass YARA rule Windows_Trojan_CobaltStrike_f0b627fc by generating alternative shellcode sequences.
An ICMP channel for Beacons, implemented using Cobalt Strike’s External C2 framework.
An NTP channel for Beacons, implemented using Cobalt Strike’s External C2 framework.
🎯 A general-purpose protocol stack analysis and debugging tool based on eBPF 🧰
Cobalt Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (AC…
PoC exploit for the vulnerable WatchDog Anti-Malware driver (amsdk.sys) – weaponized to kill protected EDR/AV processes via BYOVD.
A series of exploits targeting eneio64.sys - Turning Physical Memory R/W into Virtual Memory R/W
HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug b…
A small collection of Crystal Palace PIC loaders designed for use with Cobalt Strike
ipstatistics is a script based on the ipip library that is used to quickly filter the ip list.
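坤坤CS (Kunkun CS): a secondary-development project based on CobaltStrike cat 4.5 that adds anti-sandbox and anti-asset-mapping features. Bundles commonly used post-exploitation plugins and works out of the box.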
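千机 (Qianji): an automatic generator of AV-evading trojans for red teams. Bypasses Defender, Huorong, 360 and other mainstream Chinese antivirus products. Randomly encrypts and obfuscates shellcode to quickly generate AV-evading payloads.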
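Converts DLLs, EXEs, etc. into shellcode and finally outputs an EXE. Customizable loader templates, support for bundling with legitimate ("white") files, and shellcode encryption.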
RedWifiTeam / microwaveo
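Forked from Ciyfly/microwaveo. Converts DLLs, EXEs, etc. into shellcode and finally outputs an EXE. Customizable loader templates, support for bundling with legitimate ("white") files, and shellcode encryption.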
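For Linux incident response: quickly checks for abnormal user logins and signs of intrusion, accurately pins down the timeline for tracing, and efficiently helps reconstruct the attack chain.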