Immersive-Labs-Sec / BruteRatel-DetectionToolsLinks
A collection of Tools and Rules for decoding Brute Ratel C4 badgers
☆64Updated 3 years ago
Alternatives and similar repositories for BruteRatel-DetectionTools
Users that are interested in BruteRatel-DetectionTools are comparing it to the libraries listed below
Sorting:
- Depending on the AV/EPP/EDR creating a Taskschedule Job with a default cradle is often flagged☆86Updated 3 years ago
- This repo will contain the core detection, only for Cobaltstrike's leaked versions. Non-leaked version detections wont be shared☆89Updated last year
- a short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal…☆51Updated last year
- AdHoc solutions☆48Updated last year
- ☆10Updated 2 years ago
- ☆74Updated 2 years ago
- Quickly search for references to a GUID in DLLs, EXEs, and drivers☆74Updated 3 years ago
- ☆45Updated last year
- Default Detections for EDR☆96Updated last year
- Finding secrets in kernel and user memory☆116Updated last year
- ☆42Updated 3 years ago
- Execute PowerShell code at the antimalware-light protection level.☆141Updated 2 years ago
- Repository for archiving Cobalt Strike configuration☆33Updated this week
- This is a repo for fetching Applocker event log by parsing the win-event log☆31Updated 3 years ago
- ☆18Updated last year
- RDLL for Cobalt Strike beacon to silence sysmon process☆89Updated 2 years ago
- My Malware Analysis Reports☆21Updated 3 years ago
- ☆13Updated 5 years ago
- .NET project for installing Persistence☆63Updated 3 years ago
- Yapscan is a YAra based Process SCANner, aimed at giving more control about what to scan and giving detailed reports on matches.☆61Updated 2 years ago
- pypykatz plugin for volatility3 framework☆41Updated 2 months ago
- C# version of NTLMRawUnHide☆72Updated 2 years ago
- Small Python tool to do DLL Sideloading (and consequently, other DLL attacks).☆57Updated 2 years ago
- Use to copy a file from an NTFS partitioned volume by reading the raw volume and parsing the NTFS structures.☆118Updated 4 years ago
- Windows Persistence Toolkit in C#☆36Updated 2 years ago
- ☆84Updated 2 years ago
- Live memory analysis detecting malware IOCs in processes, modules, handles, tokens, threads, .NET assemblies, memory address space and en…☆41Updated 10 months ago
- Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles☆173Updated last month
- ☆57Updated 4 years ago
- Yara Rules for Modern Malware☆78Updated last year