A simple command line program to help defender test their detections for network beacon patterns and domain fronting
☆69Feb 3, 2022Updated 4 years ago
Alternatives and similar repositories for beacon-fronting
Users that are interested in beacon-fronting are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction☆92Mar 11, 2026Updated 3 months ago
- JPCERT/CC public YARA rules repository☆111Mar 9, 2026Updated 3 months ago
- A simple way of detecting multithreaded exfiltration in Zeek.☆15May 1, 2025Updated last year
- Detection Ideas & Rules repository.☆179Sep 10, 2021Updated 4 years ago
- Programmatically create hunting rules for deserialization exploitation with multiple keywords, gadget chains, object types, encodings, an…☆142Jun 1, 2023Updated 3 years ago
- Managed Kubernetes at scale on DigitalOcean • AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- RedHerd is a collaborative and serverless framework for orchestrating a geographically distributed group of assets.☆75Apr 25, 2023Updated 3 years ago
- Artificially inflate a given binary to exceed common EDR file size limits. Can be used to bypass common EDR.☆125Apr 9, 2022Updated 4 years ago
- dankAlerts is powered by Sysmon and Memes. Would you notice if a suspicious process was recorded in the event log?☆18Jun 24, 2020Updated 6 years ago
- Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm.☆210Jul 21, 2022Updated 3 years ago
- CyberChef - Detection Engineering, TI, DFIR, Malware Analysis Edition☆66Jun 18, 2026Updated 2 weeks ago
- LSASS enumeration like pypykatz written in C-Lang☆20Dec 1, 2021Updated 4 years ago
- Internal network honeypot for detecting if an attacker or insider threat scans your network for log4j CVE-2021-44228☆151Dec 20, 2021Updated 4 years ago
- A simple tool designed to create Atomic Red Team tests with ease.☆65May 3, 2026Updated last month
- Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detection…☆867Jan 20, 2022Updated 4 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- Look into EDR events from network☆25Nov 20, 2025Updated 7 months ago
- A collection of notes and rules (Snort/Suricata, Sigma, and YARA) to identify various samples of malware.☆14Sep 7, 2021Updated 4 years ago
- ☆33Feb 26, 2022Updated 4 years ago
- Sukoshi is a proof-of-concept Python/C++ implant that leverages the MQTT protocol for C2 and uses AWS IoT Core as infrastructure.☆50Mar 26, 2022Updated 4 years ago
- Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles☆189Mar 17, 2026Updated 3 months ago
- Proof of concept MacOS post exploitation tool written in Swift. Designed as a POC for blue teams to build macOS detections. Author: Cedri…☆125Dec 27, 2020Updated 5 years ago
- Protect your servers with a secret header☆29Jun 12, 2020Updated 6 years ago
- Scans the filesystem for directories that are user-writeable☆13Jun 21, 2021Updated 5 years ago
- ☆26Jul 23, 2024Updated last year
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- Cyber Analytics Platform and Examination System (CAPES) Project Page☆14Feb 1, 2022Updated 4 years ago
- ☆84Oct 18, 2022Updated 3 years ago
- This is a repo for fetching Applocker event log by parsing the win-event log☆29Aug 6, 2022Updated 3 years ago
- Suricata Language Server is an implementation of the Language Server Protocol for Suricata signatures. It adds syntax check, hints and au…☆86Jun 23, 2026Updated last week
- ☆16Dec 16, 2020Updated 5 years ago
- Post-Infection Collection Toolkit☆95Jan 31, 2023Updated 3 years ago
- Indicators of compromise from to analysis and research by Nextron Threat Research team☆12Jun 2, 2026Updated last month
- Just another useless C2 occupying space in some HDD somewhere.☆22Jul 4, 2023Updated 2 years ago
- PoC for detecting and evading ETW detection of .Net Assembly.Load☆22Aug 26, 2020Updated 5 years ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- EventLogSilencer is a PowerShell script designed for disable Windows Event Logging☆18Oct 28, 2023Updated 2 years ago
- Sysmon EDR POC Build within Powershell to prove ability.☆227May 1, 2021Updated 5 years ago
- Mythic C2 agent targeting Linux and Windows hosts written in Rust☆407Nov 26, 2025Updated 7 months ago
- Run Sigma detection rules on logs from the new MacOS EndpointSecurity Framework☆22Jan 22, 2021Updated 5 years ago
- A triage data collection script for macOS☆30Nov 27, 2020Updated 5 years ago
- Cobalt Strike External C2 Integration With Azure Servicebus, C2 traffic via Azure Servicebus☆247Feb 23, 2022Updated 4 years ago
- Python interpreter for Cobalt Strike Malleable C2 Profiles. Allows you to parse, build and modify them programmatically.☆288Jun 8, 2026Updated 3 weeks ago