Immersive-Labs-Sec / BruteRatel-DetectionToolsLinks
A collection of Tools and Rules for decoding Brute Ratel C4 badgers
☆64Updated 3 years ago
Alternatives and similar repositories for BruteRatel-DetectionTools
Users that are interested in BruteRatel-DetectionTools are comparing it to the libraries listed below
Sorting:
- Depending on the AV/EPP/EDR creating a Taskschedule Job with a default cradle is often flagged☆87Updated 3 years ago
- Quickly search for references to a GUID in DLLs, EXEs, and drivers☆75Updated 3 years ago
- Finding secrets in kernel and user memory☆116Updated last year
- pypykatz plugin for volatility3 framework☆42Updated 2 months ago
- This repo will contain the core detection, only for Cobaltstrike's leaked versions. Non-leaked version detections wont be shared☆89Updated last year
- ☆74Updated 2 years ago
- a short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal…☆51Updated 2 years ago
- ☆45Updated last year
- AdHoc solutions☆48Updated last year
- ☆43Updated 3 years ago
- Use to copy a file from an NTFS partitioned volume by reading the raw volume and parsing the NTFS structures.☆118Updated 4 years ago
- Default Detections for EDR☆96Updated last year
- ☆84Updated 2 years ago
- This is a repo for fetching Applocker event log by parsing the win-event log☆31Updated 3 years ago
- .NET project for installing Persistence☆63Updated 3 years ago
- ☆10Updated 2 years ago
- Execute PowerShell code at the antimalware-light protection level.☆141Updated 2 years ago
- My Malware Analysis Reports☆22Updated 3 years ago
- (PoC) Tiny Excel BIFF8 Generator, to Embedded 4.0 Macros in xls files without Excel.☆43Updated 4 years ago
- ☆113Updated 3 years ago
- A module for CME that spiders across a domain.☆35Updated 3 years ago
- ☆57Updated 4 years ago
- RDLL for Cobalt Strike beacon to silence sysmon process☆89Updated 2 years ago
- A repo to house files for our blogposts on blog.nviso.eu☆72Updated 5 months ago
- RDPThief donut shellcode inject into mstsc☆87Updated 4 years ago
- A tool for interacting with the Anti-Malware Scan Interface API for pen testing purposes.☆65Updated last year
- Repository for archiving Cobalt Strike configuration☆33Updated last week
- Small Python tool to do DLL Sideloading (and consequently, other DLL attacks).☆57Updated 2 years ago
- ☆13Updated 5 years ago
- Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles☆174Updated 2 months ago