NickYan7/tcpkiller

tcpkiller

This project is inspired by @kyxiaxiang's work TcpNsiKill.

This project reimplements TcpNsiKill in C and adds BOF support, so it can be executed stealthily during post-exploitation.

This project is just for fun!!! The BOF is not designed for long-running tasks; it blocks the original beacon process while tcpkiller is running (no output and no response). I'm considering rebuilding this project as a reflective DLL.

Usage

Load tcpkiller.cna in Cobalt Strike, then run a command such as tcpkiller ncat.exe 100.

// 100 iterations, sleeping for 3 seconds after each execution
// Therefore, for the next 6 minutes, edr.exe cannot establish any TCP connections
beacon > tcpkiller edr.exe 100

Be aware of your beacon's privileges; an elevated process can handle almost any situation.

build

Refer to CS-Situational-Awareness-BOF; you can build tcpkiller within its context.

acknowledgement

https://github.com/kyxiaxiang/TcpNsiKill
https://github.com/trustedsec/CS-Situational-Awareness-BOF

disclaimer

This tool is intended only for legally authorized enterprise security development. If you wish to test the tool's usability, please set up your own target environment.

To prevent malicious use, all proof-of-concept (PoC) tests included in this project are theoretical and do not contain vulnerability exploitation procedures. No real attacks or exploits will be conducted against the target.

When using this tool for testing, you must ensure that your actions comply with local laws and regulations and that you have obtained sufficient authorization. Do not scan unauthorized targets.

If you engage in any illegal activities while using this tool, you will bear the consequences and we will not assume any legal or consequential liability.

Before installing and using this tool, please carefully read and fully understand all terms and conditions. Restrictions, disclaimers, or other clauses that affect your rights may be highlighted in bold or underlined for your attention. Do not install or use this tool unless you have fully read, understood, and accepted all terms and conditions. Your use of this tool, or any other explicit or implicit indication of your acceptance of this Agreement, constitutes your reading and agreement to the terms and conditions.

About

A bof for killing tcp connections on post-exploit.
