A Malleable C2 profile is a simple program that modifies the behavior of the Cobalt Strike Beacon.
This repository contains a set of Malleable C2 profiles aimed to help with the creation of your own. The best way to create a profile is to modify an existing one. Several example profiles are available in this repository.
You can find a reference profile with all the possible options available here.
It is recommended to avoid defaults in the Cobalt Strike profile to improve evasiveness and mimic threats. You can modify things like:
- Avoiding using
rwx - How the process injection behavior works (which APIs will be used) in the
process-injectsection - How the
fork and runworks in thepost-exsection - The default sleep time for beacons
- The max size of binaries to be loaded in memory
- The memory footprint and DLL content with
stagesection - The network traffic
If you'd like to contribute.
- Submit a pull request
- Keep content organized