pyCobaltHound: an Aggressor script extension for Cobalt Strike
pyCobaltHound is an Aggressor script extension for Cobalt Strike that aims to provide deep integration between Cobalt Strike and BloodHound.
pyCobaltHound strives to assist red team operators by:
- Automatically querying the BloodHound database to discover escalation paths opened up by newly collected credentials.
- Automatically marking compromised users and computers as owned.
- Allowing operators to quickly and easily investigate the escalation potential of beacon sessions and users.
To accomplish this, pyCobaltHound uses a set of built-in queries. Operators can also add or remove their own queries to fine-tune pyCobaltHound’s monitoring capabilities. This gives them the flexibility to adapt pyCobaltHound on the fly during engagements to account for engagement-specific targets (users, hosts, etc.). pyCobaltHound