Skip to content

Custom Cobalt Strike stagers using different methods of thread execution and memory allocation

Notifications You must be signed in to change notification settings

RedXRanger/StageStrike

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

StageStrike

A custom Cobalt Strike stager written in C.. is how the project started.

There's a high possiblity that I haven't looked hard enough, but I have not found an open source stager that works with CS. So my goal is to make a stager that is simple, and load stages hosted by CS in memory. This project was inspired by Mudges own Metasploit payload stager here: https://github.com/rsmudge/metasploit-loader And explained here https://blog.cobaltstrike.com/2013/06/28/staged-payloads-what-pen-testers-should-know/

I'm guessing most mature teams have their own stager whipped up already, but for ones looking for inspiration, here is one implementation using WindowsApi.

I would like to in the future use other methods of executing the stage in memory as outlined by this great blog post: https://www.contextis.com/en/blog/a-beginners-guide-to-windows-shellcode-execution-techniques

-Dynamic Allocation of Memory
-Function Pointer Execution
-.TEXT-Segment Execution
-RWX-Hunter Execution

But for now it'll just be Dynamic Allocation of memory using Win32.

About

Custom Cobalt Strike stagers using different methods of thread execution and memory allocation

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published