DfirJos / CnC-detection
Detecting PowerShell Empire, Metasploit Meterpreter and Cobalt Strike agents by payload size sequence analysis and host correlation
☆16Updated 6 years ago
Alternatives and similar repositories for CnC-detection
Users that are interested in CnC-detection are comparing it to the libraries listed below
Sorting:
- Everything related to Cobalt Strike☆15Updated 5 years ago
- ☆13Updated 3 years ago
- Bash one-liner that will parse harmj0y's SharpRoast or Rebeus kerberoast into hashcat crack-able format.☆32Updated 6 years ago
- Cobalt Strike log state tracking, parsing, and storage☆24Updated 5 years ago
- Presentation materials for talks I've given.☆20Updated 5 years ago
- Community maintained list of most popular HIPS service and process names on a Windows Platform.☆43Updated 2 years ago
- The project is called GreatSCT (Great Scott). GreatSCT is an open source project to generate application white list bypasses. This tool i…☆30Updated 7 years ago
- Helper script for mangling CS payloads☆51Updated 6 years ago
- ☆17Updated 9 years ago
- Walking the PEB in VBA☆23Updated 5 years ago
- Cobalt Strike Field Manual - A quick reference for Windows commands that can be accessed in a beacon console.☆65Updated 7 years ago
- Powershell script which will take any payload and put it in the a bat script which delivers the payload. The payload is delivered using e…☆53Updated last year
- Ingests logs/dbs from cobalt and empire and outputs an excel report with activity, sessions, and credentials☆20Updated 4 years ago
- ☆16Updated 10 years ago
- SilkETW & SilkService☆40Updated 5 years ago
- A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro…☆18Updated 4 years ago
- This tool is designed to simplify and automate the extraction and organization of useful data from Cobalt Strike logs.☆18Updated 6 years ago
- ☆25Updated 6 years ago
- .net tool that uses WMI queries to enumerate active sessions and accounts configured to run services on remote systems☆33Updated 5 years ago
- Socks5 server over Websockets☆40Updated 6 years ago
- Executes lateral movement through PowerPoint DCOM objects☆19Updated 7 years ago
- ☆11Updated 4 years ago
- ☆56Updated 5 years ago
- Remote process dumping automation. Use it to dump Windows credentials remotely and extract clear text with Mimikatz offline☆35Updated 5 years ago
- Babel-Shellfish deobfuscates and scans Powershell scripts on real-time right before each line execution.☆43Updated 6 years ago
- Discover MSSQL Instances via UDP Scanning☆25Updated 6 years ago
- Gives context to a system. Uses EQGRP shadow broker leaked list to give some descriptions to processes.☆45Updated 7 years ago
- Python api for usage with cobalt strike's External C2 specification☆62Updated 6 years ago
- Converts the output from Invoke-Kerberoast into hashcat format.☆32Updated 6 years ago
- Code for blogpost: https://outflank.nl/blog/2018/10/25/building-resilient-c2-infrastructues-using-dns-over-https/☆52Updated 6 years ago