May 21, 2022

This tool is an Azure Function that is used to validate and relay Cobalt Strike Beacon traffic by undergoing verification of the requests that are coming based on Cobalt Strike Malleable C2 profile. 

This detects suspicious requests which may not share the profile’s user agent, headers, query parameters and URI paths. They will be redirected to a decoy site that is configurable. The requests that get validated get relayed to a team server with the same virtual network which go through further restricted network security groups. This allows the VM to only expose SSH.

Download Link: https://github.com/Flangvik/AzureC2Relay

Leave a Reply

Your email address will not be published.