DfirJos / CnC-detection
Detecting PowerShell Empire, Metasploit Meterpreter and Cobalt Strike agents by payload size sequence analysis and host correlation
☆16Updated 6 years ago
Related projects: ⓘ
- ☆36Updated 5 years ago
- Bash one-liner that will parse harmj0y's SharpRoast or Rebeus kerberoast into hashcat crack-able format.☆32Updated 5 years ago
- The project is called GreatSCT (Great Scott). GreatSCT is an open source project to generate application white list bypasses. This tool i…☆28Updated 6 years ago
- Everything related to Cobalt Strike☆15Updated 4 years ago
- Cobalt Strike log state tracking, parsing, and storage☆22Updated 5 years ago
- ☆23Updated this week
- Cobalt Strike Field Manual - A quick reference for Windows commands that can be accessed in a beacon console.☆64Updated 6 years ago
- ☆15Updated 4 years ago
- Presentation materials for talks I've given.☆20Updated 4 years ago
- Code for blogpost: https://outflank.nl/blog/2018/10/25/building-resilient-c2-infrastructues-using-dns-over-https/☆52Updated 5 years ago
- ☆52Updated this week
- Convert Empire profiles to Apache mod_rewrite scripts☆27Updated 5 years ago
- A collection of shell code conversion scripts that I have written over time for repetitive tasks☆18Updated 5 years ago
- ☆20Updated this week
- ☆11Updated this week
- Helper script for mangling CS payloads☆52Updated 5 years ago
- ☆69Updated 5 years ago
- Gives context to a system. Uses EQGRP shadow broker leaked list to give some descriptions to processes.☆42Updated 7 years ago
- Walking the PEB in VBA☆22Updated 4 years ago
- ☆13Updated 3 years ago
- My musings with C#☆28Updated last year
- .net tool that uses WMI queries to enumerate active sessions and accounts configured to run services on remote systems☆32Updated 4 years ago
- Community maintained list of most popular HIPS service and process names on a Windows Platform.☆43Updated 2 years ago
- Includes 5 Known Application Whitelisting/ Application Control Bypass Techniques in One File.☆31Updated 8 years ago
- Quick PoC I Wrote for Bypassing Next Gen AV Remotely for Pentesting☆41Updated 5 years ago
- Discover MSSQL Instances via UDP Scanning☆23Updated 5 years ago
- Babel-Shellfish deobfuscates and scans Powershell scripts on real-time right before each line execution.☆41Updated 5 years ago
- Random source codes☆25Updated 4 years ago