Immersive-Labs-Sec / BruteRatel-DetectionToolsLinks
A collection of Tools and Rules for decoding Brute Ratel C4 badgers
☆66Updated 3 years ago
Alternatives and similar repositories for BruteRatel-DetectionTools
Users that are interested in BruteRatel-DetectionTools are comparing it to the libraries listed below
Sorting:
- Depending on the AV/EPP/EDR creating a Taskschedule Job with a default cradle is often flagged☆88Updated 3 years ago
- This repo will contain the core detection, only for Cobaltstrike's leaked versions. Non-leaked version detections wont be shared☆88Updated 2 years ago
- ☆74Updated 3 years ago
- Quickly search for references to a GUID in DLLs, EXEs, and drivers☆75Updated 3 years ago
- pypykatz plugin for volatility3 framework☆43Updated 4 months ago
- Use to copy a file from an NTFS partitioned volume by reading the raw volume and parsing the NTFS structures.☆118Updated 4 years ago
- ☆10Updated 2 years ago
- ☆43Updated 3 years ago
- AdHoc solutions☆48Updated 2 years ago
- Finding secrets in kernel and user memory☆115Updated 2 years ago
- ☆45Updated 2 years ago
- a short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal…☆50Updated 2 years ago
- A repo to house files for our blogposts on blog.nviso.eu☆74Updated 7 months ago
- Default Detections for EDR☆96Updated last year
- Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR☆104Updated 4 years ago
- ☆57Updated 4 years ago
- C# version of NTLMRawUnHide☆72Updated 3 years ago
- .NET project for installing Persistence☆63Updated 3 years ago
- RDLL for Cobalt Strike beacon to silence sysmon process☆90Updated 3 years ago
- ☆113Updated 3 years ago
- PoC-Malware-TTPs☆49Updated 2 years ago
- Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions☆53Updated 3 years ago
- 🐾Dogwalk PoC (using diagcab file to obtain RCE on windows)☆79Updated 3 years ago
- Rogue Assembly Hunter is a utility for discovering 'interesting' .NET CLR modules in running processes.☆117Updated 3 years ago
- RDPThief donut shellcode inject into mstsc☆88Updated 4 years ago
- ☆13Updated 5 years ago
- Tool to manage user privileges☆30Updated 6 years ago
- Execute PowerShell code at the antimalware-light protection level.☆141Updated 2 years ago
- Windows Persistence Toolkit in C#☆37Updated 3 years ago
- A PoC for achieving persistence via push notifications on Windows☆47Updated 2 years ago