DfirJos / CnC-detection
Detecting PowerShell Empire, Metasploit Meterpreter and Cobalt Strike agents by payload size sequence analysis and host correlation
☆16Updated 6 years ago
Related projects ⓘ
Alternatives and complementary repositories for CnC-detection
- Presentation materials for talks I've given.☆20Updated 5 years ago
- Everything related to Cobalt Strike☆15Updated 4 years ago
- Powershell script which will take any payload and put it in the a bat script which delivers the payload. The payload is delivered using e…☆52Updated 7 months ago
- ☆17Updated 9 years ago
- Cobalt Strike log state tracking, parsing, and storage☆22Updated 5 years ago
- ☆37Updated 6 years ago
- Babel-Shellfish deobfuscates and scans Powershell scripts on real-time right before each line execution.☆41Updated 6 years ago
- Bash one-liner that will parse harmj0y's SharpRoast or Rebeus kerberoast into hashcat crack-able format.☆32Updated 5 years ago
- RemotePSpy provides live monitoring of remote PowerShell sessions, which is particularly useful for older (pre-5.0) versions of PowerShel…☆18Updated 4 years ago
- The project is called GreatSCT (Great Scott). GreatSCT is an open source project to generate application white list bypasses. This tool i…☆29Updated 6 years ago
- Discover MSSQL Instances via UDP Scanning☆23Updated 5 years ago
- ☆24Updated 6 years ago
- Office365 Tenants List☆16Updated 6 years ago
- My musings with C#☆28Updated last year
- .net tool that uses WMI queries to enumerate active sessions and accounts configured to run services on remote systems☆32Updated 4 years ago
- Community maintained list of most popular HIPS service and process names on a Windows Platform.☆43Updated 2 years ago
- A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro…☆19Updated 4 years ago
- Walking the PEB in VBA☆22Updated 4 years ago
- Ingests logs/dbs from cobalt and empire and outputs an excel report with activity, sessions, and credentials☆20Updated 3 years ago
- Executes lateral movement through PowerPoint DCOM objects☆19Updated 6 years ago
- Convert Empire profiles to Apache mod_rewrite scripts☆27Updated 5 years ago
- ☆55Updated 4 years ago
- ☆16Updated 4 years ago