An aggressor script that can help automate payload building in Cobalt Strike
Visual Studio 2022 with .NET Framework 4.8
The aggressor will only work in a predetermined path which is C:\Tools\cobaltstrike\aggressors\PG
, When adding the new aggressor script a new menu button would be added to Cobalt Strikes Menu Bar
The aggressor scripts basically automates payload creation, in this example a C# binary with the CreateThread API will be compiled
For building the payload, predetermined values are already added to the Menu options as this API only works with x86 binaries, and the assembly type is winexe to avoid a console popup
Adding more templates is easy by editing the PG.cna file and placing the new scripts in the /scripts/
folder you can see below that there is a comment highlighting how to add a new menu
As shown below we see that it requires the C# Project file to create these binaries as it is being automated by compiling with MSBUILD, I tried adding this with Linux but no success, you are more than free to change this and add more features but these default ones are working for me.
This sample payload will get detected by AV. I do recommend adding this path to your exclusions or working with an OS such as COMMANDO VM to avoid any issues. This is running on my Windows 11 Home workstation with an exclusion on this path with no issues. Some small features, such as random variable naming, were added, but other things have been hardcoded as this is intended to be a POC Aggressor. I do recommend checking out the reference to get a deeper look at the building and adding more payloads.
###Demo