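Introduction
Arsenal Kit is a set of build artifacts that the vendor develops and updates in step with Cobalt Strike, and it gives Cobalt Strike the ability to use custom payload templates. By modifying the template code inside the Arsenal Kit, you can add your own evasion functionality and so obtain native anti-antivirus and anti-EDR capability.
Arsenal Kit is generally not sold separately; it is bundled and sold together with the official Cobalt Strike.
Notes
Overview of the contents of the kit package exposed this time: the hashes of this leaked package match those on the official website, but handling it with caution is still recommended!
This version of the kit also already supports Cobalt Strike 4.10; for more of the new features, see the release notes: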
Arsenal Kit Release Notes
(c) 2012-2024 Fortra, LLC and its group of companies. All trademarks and registered trademarks are the property of their respective owners.
-------------
July 16, 2024 - Arsenal Kit
-------------
++ Artifact Kit
+ Updated the artifact stage_size to support 4.10 beacons.
++ Postex Kit
+ Added a new kit that can be used to create your own long-running postex tasks.
++ Sleep Mask Kit
+ Added new sleep mask source code example to work with the 4.10 release
+ Added new sleep mask system call method 'beacon' which retrieves system call information from beacon.
+ Updated the directory names for the sleep mask code support.
   sleepmask/src will support the current release (4.10)
   sleepmask/src49 will support 4.9.x only
   sleepmask/src47 will support 4.7.x and 4.8.x only
++ User Defined Reflective Loader for Visual Studio (UDRL-VS) Kit
+ Updated examples to work with the 4.10 release
+ Updated the bud-loader and obfuscation-loader to populate and pass the ALLOCATED_MEMORY structure to Beacon
+ Updated the bud-loader to provide allocated memory for PURPOSE_BOF_MEMORY and PURPOSE_SLEEPMASK_MEMORY
+ Updated the bud-loader to support the CreateFile, ReadFile, and WriteFile system calls
......
......
.....