A simple command line program to help defender test their detections for network beacon patterns and domain fronting
☆70Feb 3, 2022Updated 4 years ago
Alternatives and similar repositories for beacon-fronting
Users that are interested in beacon-fronting are comparing it to the libraries listed below
Sorting:
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction☆86Dec 17, 2025Updated 2 months ago
- dankAlerts is powered by Sysmon and Memes. Would you notice if a suspicious process was recorded in the event log?☆18Jun 24, 2020Updated 5 years ago
- Detection Ideas & Rules repository.☆178Sep 10, 2021Updated 4 years ago
- RedHerd is a collaborative and serverless framework for orchestrating a geographically distributed group of assets.☆74Apr 25, 2023Updated 2 years ago
- Sukoshi is a proof-of-concept Python/C++ implant that leverages the MQTT protocol for C2 and uses AWS IoT Core as infrastructure.☆47Mar 26, 2022Updated 3 years ago
- LSASS enumeration like pypykatz written in C-Lang☆20Dec 1, 2021Updated 4 years ago
- JPCERT/CC public YARA rules repository☆109Nov 14, 2025Updated 3 months ago
- Look into EDR events from network☆25Nov 20, 2025Updated 3 months ago
- A simple way of detecting multithreaded exfiltration in Zeek.☆15May 1, 2025Updated 10 months ago
- ☆78Oct 18, 2022Updated 3 years ago
- Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detection…☆864Jan 20, 2022Updated 4 years ago
- Artificially inflate a given binary to exceed common EDR file size limits. Can be used to bypass common EDR.☆125Apr 9, 2022Updated 3 years ago
- Cyber Analytics Platform and Examination System (CAPES) Project Page☆14Feb 1, 2022Updated 4 years ago
- A simple tool designed to create Atomic Red Team tests with ease.☆49Mar 11, 2025Updated 11 months ago
- Programmatically create hunting rules for deserialization exploitation with multiple keywords, gadget chains, object types, encodings, an…☆142Jun 1, 2023Updated 2 years ago
- Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm.☆208Jul 21, 2022Updated 3 years ago
- EventLogSilencer is a PowerShell script designed for disable Windows Event Logging☆18Oct 28, 2023Updated 2 years ago
- ☆15Dec 16, 2020Updated 5 years ago
- Just another useless C2 occupying space in some HDD somewhere.☆21Jul 4, 2023Updated 2 years ago
- Sysmon EDR POC Build within Powershell to prove ability.☆223May 1, 2021Updated 4 years ago
- PoC for detecting and evading ETW detection of .Net Assembly.Load☆21Aug 26, 2020Updated 5 years ago
- Cobalt Strike External C2 Integration With Azure Servicebus, C2 traffic via Azure Servicebus☆247Feb 23, 2022Updated 4 years ago
- A testing Red Team Infrastructure created with Docker☆32Apr 5, 2022Updated 3 years ago
- Protect your servers with a secret header☆29Jun 12, 2020Updated 5 years ago
- CyberChef - Detection Engineering, TI, DFIR, Malware Analysis Edition☆66Aug 10, 2022Updated 3 years ago
- Proof of concept MacOS post exploitation tool written in Swift. Designed as a POC for blue teams to build macOS detections. Author: Cedri…☆124Dec 27, 2020Updated 5 years ago
- JXA situational awareness helper by simply reading specific files on a filesystem☆82Feb 17, 2026Updated last week
- ☆69Oct 6, 2021Updated 4 years ago
- Mythic C2 agent targeting Linux and Windows hosts written in Rust☆405Nov 26, 2025Updated 3 months ago
- ☆33Feb 26, 2022Updated 4 years ago
- Post-Infection Collection Toolkit☆95Jan 31, 2023Updated 3 years ago
- This repository aims to collect and document indicators from the different C2's listed in the C2-Matrix☆74Jan 26, 2022Updated 4 years ago
- Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles☆186Jun 23, 2025Updated 8 months ago
- A simple, quick, and dirty websocket shell for PowerShell.☆20Jun 5, 2017Updated 8 years ago
- Yara Rules for Modern Malware☆78Mar 3, 2024Updated 2 years ago
- Suricata Language Server is an implementation of the Language Server Protocol for Suricata signatures. It adds syntax check, hints and au…☆86Updated this week
- Ransomware simulator written in Golang☆471Jun 30, 2022Updated 3 years ago
- Run Sigma detection rules on logs from the new MacOS EndpointSecurity Framework☆22Jan 22, 2021Updated 5 years ago
- macOS Offensive Tools☆270Sep 28, 2023Updated 2 years ago