Pybeacon : A Collection Of Scripts For Dealing With Cobalt Strike Beacons In Python

PyBeacon is a collection of scripts for dealing with Cobalt Strike’s encrypted traffic. It can encrypt/decrypt beacon metadata, as well as parse symmetric encrypted taskings.

Scripts Included

There is a small library which includes encryption/decoding methods, however some example scripts are included.

  • stager-decode.py – this tool will simply decode a beacon DLL from a stager URL (you can use it to extract the public key).
  • register.py – this tool deals with RSA encrypted metadata and can register a new (fake) beacon on a target Teamserver.
  • tasktool.py – this tool deals with AES encrypted taskings to/from the teamserver. Use it to send callbacks to the teamserver, or for decoding taskings from a Teamserver to the beacon.
  • cs-3-5-rce.py – This is an implementation of the exploit used to exploit CS < 3.5-hf1, which was used in the wild to hack Cobalt Strike servers. It works by registering a beacon with a directory traversal in the IP address field. It then subsequently registers a download callback which causes the “download” to be uploaded anywhere on the target file system. The ITW exploit used a cronjob to achieve RCE.

TODO

  • Add more task types to the task decoding logic
  • Add decoding for beacon taskings. At the moment some “generic” logic is used, but it’s not really helpful
R K

Recent Posts

JBDev : A Tool For Jailbreak And TrollStore Development

JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…

15 hours ago

Kereva LLM Code Scanner : A Revolutionary Tool For Python Applications Using LLMs

The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…

17 hours ago

Nuclei-Templates-Labs : A Hands-On Security Testing Playground

Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…

19 hours ago

SSH-Stealer : The Stealthy Threat Of Advanced Credential Theft

SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…

19 hours ago

ollvm-unflattener : A Tool For Reversing Control Flow Flattening In OLLVM

Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…

19 hours ago

Cybersecurity – Tools And Their Function

Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…

2 days ago