DfirJos / CnC-detectionLinks
Detecting PowerShell Empire, Metasploit Meterpreter and Cobalt Strike agents by payload size sequence analysis and host correlation
☆16Updated 7 years ago
Alternatives and similar repositories for CnC-detection
Users that are interested in CnC-detection are comparing it to the libraries listed below
Sorting:
- Cobalt Strike Field Manual - A quick reference for Windows commands that can be accessed in a beacon console.☆65Updated 7 years ago
- Remote process dumping automation. Use it to dump Windows credentials remotely and extract clear text with Mimikatz offline☆35Updated 5 years ago
- Babel-Shellfish deobfuscates and scans Powershell scripts on real-time right before each line execution.☆43Updated 6 years ago
- Gives context to a system. Uses EQGRP shadow broker leaked list to give some descriptions to processes.☆47Updated 8 years ago
- Code for blogpost: https://outflank.nl/blog/2018/10/25/building-resilient-c2-infrastructues-using-dns-over-https/☆52Updated 7 years ago
- Exercises for C# Workshop at Wild West Hackin' Fest 2018 & 2019.☆64Updated 6 years ago
- Community maintained list of most popular HIPS service and process names on a Windows Platform.☆43Updated 3 years ago
- Helper script for mangling CS payloads☆51Updated 6 years ago
- Splunk Dashboard for CobaltStrike logs☆89Updated 4 years ago
- Bash one-liner that will parse harmj0y's SharpRoast or Rebeus kerberoast into hashcat crack-able format.☆32Updated 6 years ago
- Cobalt Strike log state tracking, parsing, and storage☆24Updated 6 years ago
- Everything related to Cobalt Strike☆16Updated 5 years ago
- Discover MSSQL Instances via UDP Scanning☆25Updated 6 years ago
- Quick PoC I Wrote for Bypassing Next Gen AV Remotely for Pentesting☆41Updated 6 years ago
- ☆69Updated 6 years ago
- Use bitsadmin to maintain persistence and bypass Autoruns☆66Updated 8 years ago
- A cobaltstrike script that integrates DDEAuto Attacks☆63Updated 8 years ago
- Ps1jacker is a tool for generating COM Hijacking payload.☆60Updated 8 months ago
- ☆45Updated 6 years ago
- Includes 5 Known Application Whitelisting/ Application Control Bypass Techniques in One File.☆32Updated 9 years ago
- SilkETW & SilkService☆40Updated 6 years ago
- ☆13Updated 4 years ago
- PoC that manipulates Windows file times using SetFileTime() API☆62Updated 6 years ago
- initial commit☆44Updated 11 months ago
- Powershell script which will take any payload and put it in the a bat script which delivers the payload. The payload is delivered using e…☆52Updated last year
- LogRM is a post exploitation powershell script which it uses windows event logs to gather information about internal network☆74Updated 6 years ago
- ☆25Updated 7 years ago
- A C# tool for enumerating remote access policies through group policy.☆73Updated 6 years ago
- Source code in Win32 ASM and C for a shellcode execution wrapper designed to mitigate the risk of shellcode execution on a host other tha…☆19Updated 9 years ago
- ☆94Updated 6 years ago