PyBeacon is a collection of scripts for dealing with Cobalt Strike's encrypted traffic.

Related tags

Cryptographypybeacon
Overview

PyBeacon

PyBeacon is a collection of scripts for dealing with Cobalt Strike's encrypted traffic.

It can encrypt/decrypt beacon metadata, as well as parse symmetric encrypted taskings

Scripts included

There is a small library which includes encryption/decoding methods, however some example scripts are included.

  • stager-decode.py - this tool will simply decode a beacon DLL from a stager URL (you can use it to extract the public key).
  • register.py - this tool deals with RSA encrypted metadata and can register a new (fake) beacon on a target Teamserver.
  • tasktool.py - this tool deals with AES encrypted taskings to/from the teamserver. Use it to send callbacks to the teamserver, or for decoding taskings from a Teamserver to the beacon.
  • cs-3-5-rce.py - This is an implementation of the exploit used to exploit CS < 3.5-hf1, which was used in the wild to hack Cobalt Strike servers. It works by registering a beacon with a directory traversal in the IP address field. It then subsequently registers a download callback which causes the "download" to be uploaded anywhere on the target file system. The ITW exploit used a cronjob to achieve RCE.

TODO

  • Add more task types to the task decoding logic
  • Add decoding for beacon taskings. At the moment some "generic" logic is used, but it's not really helpful
Owner
NCC Group Plc
Please report all security issues to security at nccgroup dot com
NCC Group Plc
GitHub Repository
SVSHI - Secure and Verified Smart Home Infrastructure

The SVSHI (Secure and Verified Smart Home Infrastructure) (pronounced like "sushi") project is a platform/runtime/toolchain for developing and running formally verified smart infrastructures, such as

Dependable Systems Laboratory 3 Oct 28, 2022
PytoPrice is an automation program to fetch the latest price of a cryptocurrency of your choice at a user-customizable update interval.

PyToPrice (Python Crypto Price) PytoPrice is an automation program to fetch the latest price of a cryptocurrency of your choice at a user-customizable

Peter 1 Jun 16, 2022
Maximal extractable value inspector for Ethereum, to illuminate the dark forest 🌲 💡

mev-inspect-py Maximal extractable value inspector for Ethereum, to illuminate the dark forest 🌲 💡 Given a block, mev-inspect finds: miner payments

Flashbots 563 Dec 29, 2022
Small utility to encrypt and decrypt messages

Safe Safe is a small utility to encrypt and decrypt messages using a pair of public and private keys. Installation You need to have GPG installed in y

Gustavo Eguez 2 Dec 21, 2021
Persian caesar and rot16 encryptor and decryptor

persian caesar and rot16 encrypt and decrypt how to install if you use windows python -m venv .venv .\.venv\Script\activate python -m pip install -r r

Mehdi Radfar 5 Oct 28, 2022
A lightweight encryption library in python.

XCrypt About This was initially a project to prove that I could make a strong encryption but I decided to publish it so that the internet peoples coul

Anonymous 8 Sep 10, 2022
Python Steganography data hiding in image

Python-Steganography Python Steganography data hiding in image data encryption and decryption im here you have to import stepic module 1.open CMD 2.ty

JehanKandy 10 Jul 13, 2022
A simple program written in python to convert: USD, EUR & BTC to BRL

CoinsPrice This is a simple program written in python to convert: USD EUR BTC to BRL, and I used an API to get coins price. Take a look at the window

Luiz Henrique 1 Feb 09, 2022
This is an experimental AES-encrypted RPC API for ESP 8266.

URPC This is an experimental AES-encrypted RPC API for ESP 8266. Usage The server folder contains a sample ESP 8266 project. Simply set the values in

Ian Walton 1 Oct 26, 2021
A curated list for getting up to speed on crypto and decentralized networks

crypto reading list A curated list for getting up to speed on crypto and decentralized networks. The content on the toplevel page contains what we con

Jump Crypto 1.1k Jan 07, 2023
Python based project to pull useful account statistics from the Algorand block chain.

PlanetWatchStats Python based project to pull useful account statistics from the Algorand block chain. Setup pip install -r requirements.txt Run pytho

M0x40 1 Jan 27, 2022
Version three of the Accounting Project. You can now connect multiple computers together who are on the same IP (I'm sure I could set it up so it would work on different IP's) and add to a distributed ledger verified by blockchain.

Accounting_Cycle_V3 As I talked about in the second iteration of the accoutning project, I was going to add networking capabilities to the project. Re

J. Brandon Walker 1 May 13, 2022
Signarly is a cryptocurrency trading bot.

Signarly is a cryptocurrency trading bot.

Zakaria EL Mesaoudi 5 Oct 06, 2022
Two modules that display rates of fiat currencies and cryptocurrencies

currency-rates-polybar Two modules that display rates of fiat currencies and cryptocurrencies Setup Clone the repository somewhere Move (or create sym

Peskov Sergey 2 Apr 03, 2022
Deriving RSA public keys from message-signature pairs

The repository contains: Experimental code to calculate RSA public keys based on two known message-signature pairs

Silent Signal 120 Dec 31, 2022
PyBeacon is a collection of scripts for dealing with Cobalt Strike's encrypted traffic.

PyBeacon is a collection of scripts for dealing with Cobalt Strike's encrypted traffic. It can encrypt/decrypt beacon metadata, as well as pa

NCC Group Plc 162 Dec 21, 2022
A repository for voting systems using Choice Coin.

Voting This is a repository for voting software built using Choice Coin on the Algorand Network. Our voting software is centered around Decentralized

Choice Coin 633 Dec 23, 2022
A Python script to implement Hill's Cipher Encryption and Decryption.

Hill_Cipher-Encryption_and_Decryption A Python script to implement Hill's Cipher Encryption and Decryption. Initially in the Encryption part, the Plai

Vishvendra Singh 1 Jan 19, 2022
💰 An Alfred Workflow that provides current price of cryptocurrency

Coin Ticker for Alfred Workflow An Alfred Workflow that provides current price and status about cryptocurrency from cryptocompare.com. Supports Alfred

Bumsoo Kim (Ian) 14 Nov 17, 2022
A simple web application with tools of cryptography, made with Flask and Cryptography.

Crypto Tools A web application made with Flask that allows the use of some cryptography tools like message digest, RSA key pair generation and a decip

Felipe Valentin 0 Jan 20, 2022