A simple command line program to help defender test their detections for network beacon patterns and domain fronting
☆70Feb 3, 2022Updated 4 years ago
Alternatives and similar repositories for beacon-fronting
Users that are interested in beacon-fronting are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction☆88Mar 11, 2026Updated last week
- JPCERT/CC public YARA rules repository☆109Mar 9, 2026Updated 2 weeks ago
- A simple way of detecting multithreaded exfiltration in Zeek.☆15May 1, 2025Updated 10 months ago
- Detection Ideas & Rules repository.☆178Sep 10, 2021Updated 4 years ago
- This repository aims to collect and document indicators from the different C2's listed in the C2-Matrix☆74Jan 26, 2022Updated 4 years ago
- Programmatically create hunting rules for deserialization exploitation with multiple keywords, gadget chains, object types, encodings, an…☆142Jun 1, 2023Updated 2 years ago
- RedHerd is a collaborative and serverless framework for orchestrating a geographically distributed group of assets.☆74Apr 25, 2023Updated 2 years ago
- Artificially inflate a given binary to exceed common EDR file size limits. Can be used to bypass common EDR.☆124Apr 9, 2022Updated 3 years ago
- dankAlerts is powered by Sysmon and Memes. Would you notice if a suspicious process was recorded in the event log?☆18Jun 24, 2020Updated 5 years ago
- Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm.☆209Jul 21, 2022Updated 3 years ago
- LSASS enumeration like pypykatz written in C-Lang☆20Dec 1, 2021Updated 4 years ago
- CyberChef - Detection Engineering, TI, DFIR, Malware Analysis Edition☆66Aug 10, 2022Updated 3 years ago
- A simple tool designed to create Atomic Red Team tests with ease.☆50Mar 11, 2025Updated last year
- Internal network honeypot for detecting if an attacker or insider threat scans your network for log4j CVE-2021-44228☆151Dec 20, 2021Updated 4 years ago
- Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detection…☆864Jan 20, 2022Updated 4 years ago
- Look into EDR events from network☆25Nov 20, 2025Updated 4 months ago
- A collection of notes and rules (Snort/Suricata, Sigma, and YARA) to identify various samples of malware.☆14Sep 7, 2021Updated 4 years ago
- ☆33Feb 26, 2022Updated 4 years ago
- Sukoshi is a proof-of-concept Python/C++ implant that leverages the MQTT protocol for C2 and uses AWS IoT Core as infrastructure.☆47Mar 26, 2022Updated 3 years ago
- Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles☆187Updated this week
- Protect your servers with a secret header☆29Jun 12, 2020Updated 5 years ago
- Proof of concept MacOS post exploitation tool written in Swift. Designed as a POC for blue teams to build macOS detections. Author: Cedri…☆124Dec 27, 2020Updated 5 years ago
- Scans the filesystem for directories that are user-writeable☆13Jun 21, 2021Updated 4 years ago
- ☆78Oct 18, 2022Updated 3 years ago
- ☆25Jul 23, 2024Updated last year
- Cyber Analytics Platform and Examination System (CAPES) Project Page☆14Feb 1, 2022Updated 4 years ago
- Just another useless C2 occupying space in some HDD somewhere.☆21Jul 4, 2023Updated 2 years ago
- Suricata Language Server is an implementation of the Language Server Protocol for Suricata signatures. It adds syntax check, hints and au…☆86Updated this week
- ☆15Dec 16, 2020Updated 5 years ago
- Post-Infection Collection Toolkit☆95Jan 31, 2023Updated 3 years ago
- Indicators of compromise from to analysis and research by Nextron Threat Research team☆12Sep 17, 2025Updated 6 months ago
- PoC for detecting and evading ETW detection of .Net Assembly.Load☆21Aug 26, 2020Updated 5 years ago
- Sysmon EDR POC Build within Powershell to prove ability.☆223May 1, 2021Updated 4 years ago
- Mythic C2 agent targeting Linux and Windows hosts written in Rust☆405Nov 26, 2025Updated 3 months ago
- This is a repo for fetching Applocker event log by parsing the win-event log☆31Aug 6, 2022Updated 3 years ago
- Run Sigma detection rules on logs from the new MacOS EndpointSecurity Framework☆22Jan 22, 2021Updated 5 years ago
- A triage data collection script for macOS☆29Nov 27, 2020Updated 5 years ago
- Cobalt Strike External C2 Integration With Azure Servicebus, C2 traffic via Azure Servicebus☆246Feb 23, 2022Updated 4 years ago
- Python interpreter for Cobalt Strike Malleable C2 Profiles. Allows you to parse, build and modify them programmatically.☆285Oct 29, 2024Updated last year