Support more Cobalt Strike C2 profiles #121
Labels
good first issue
This issue or pull request is well-defined and good for newcomers
improvement
This issue or pull request will add or improve functionality, maintainability, or ease of use
💡 Summary
In #118 we add an
https-certificate
block to the Amazon and OCSP Cobalt Strike C2 profiles from rsmudge/Malleable-C2-Profiles. It would be a nice improvement to instead allow the user to provide a list of C2 profiles to which anhttps-certificate
block should be added; alternatively, the user could provide as an input one or more directories containing C2 profiles and we could add anhttps-certificate
block to each*.profile
files in those directories.It also makes sense to allow the user to specify the location of the Java keystore.
Motivation and context
@dav3r mentioned in #118 that this would be a nice improvement to this repository. It would support a more general use case beyond just the Amazon and OCSP Cobalt Strike C2 profiles.
Acceptance criteria
add-https-certificate-block-to-cs-profiles.tpl.sh
takes as an input a list of Cobalt Strike C2 profile files (or, alternatively, a list of directories containing such profiles) to which anhttps-certificate
block should be added.add-https-certificate-block-to-cs-profiles.tpl.sh
adds anhttps-certificate
block to each of the Cobalt Strike C2 profiles in the previous list item.add-https-certificate-block-to-cs-profiles.tpl.sh
takes as an input the location of the Java keystore to be created.add-https-certificate-block-to-cs-profiles.tpl.sh
uses the Java keystore location when populating thehttps-certificate
blocks in the Cobalt Strike C2 profiles.The text was updated successfully, but these errors were encountered: