DidierStevens / Beta
Beta versions of my software
☆249Updated last year
Alternatives and similar repositories for Beta:
Users that are interested in Beta are comparing it to the libraries listed below
- Code and yara rules to detect and analyze Cobalt Strike☆264Updated 3 years ago
- RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.☆253Updated last year
- Setup scripts for my Malware Analysis VMs☆252Updated 3 years ago
- Detect and respond to Cobalt Strike beacons using ETW.☆487Updated 2 years ago
- ☆1,047Updated last year
- Lnk Explorer Command line edition!!☆293Updated 2 months ago
- Live forensic artifacts collector☆165Updated 8 months ago
- Digital forensic acquisition tool for Windows based incident response.☆338Updated 10 months ago
- IOC from articles, tweets for archives☆313Updated last year
- Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)☆577Updated 10 months ago
- c2 traffic☆188Updated 2 years ago
- Scan files or process memory for CobaltStrike beacons and parse their configuration☆906Updated 3 years ago
- Plugins I've written for Volatility☆200Updated last year
- PowerShell script for deobfuscating encoded PowerShell scripts☆425Updated 4 years ago
- PCAP Samples for Different Post Exploitation Techniques☆356Updated 3 years ago
- Parses amcache.hve files, but with a twist!☆130Updated 2 months ago
- ☆199Updated 5 months ago
- A collection of YARA rules we wish to share with the world, most probably referenced from http://blog.inquest.net.☆373Updated 2 years ago
- A collection of scripts for dealing with Cobalt Strike beacons in Python☆168Updated 4 years ago
- ☆447Updated 3 years ago
- Cobalt Strike Beacon configuration extractor and parser.☆151Updated 3 years ago
- Arya is a unique tool that produces pseudo-malicious files meant to trigger YARA rules. You can think of it like a reverse YARA.☆245Updated 2 years ago
- ☆302Updated 4 years ago
- Imaginary C2 is a python tool which aims to help in the behavioral (network) analysis of malware. Imaginary C2 hosts a HTTP server which …☆449Updated 2 years ago
- A repository that maps commonly used attacks using MSRPC protocols to ATT&CK☆322Updated last year
- simple YARA-based IOC scanner☆169Updated last month
- A Cobalt Strike Scanner that retrieves detected Team Server beacons into a JSON object☆165Updated 2 years ago
- Tool Analysis Result Sheet☆347Updated 7 years ago
- RDP Bitmap Cache parser☆512Updated 2 months ago
- Cuckoo running in a nested hypervisor☆128Updated 4 years ago