Immersive-Labs-Sec / SliverC2-Forensics
A collection of tools and detections for the Sliver C2 Frameworj
☆104Updated last year
Related projects: ⓘ
- A suite of tools to disrupt campaigns using the Sliver C2 framework.☆245Updated last year
- This repo will contain the core detection, only for Cobaltstrike's leaked versions. Non-leaked version detections wont be shared☆84Updated 11 months ago
- Collection of Volatility2 profiles, generated against Linux kernels.☆25Updated last week
- Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination…☆136Updated last month
- ☆34Updated 5 months ago
- ☆179Updated last year
- Cobalt Strike Beacon configuration extractor and parser.☆142Updated 3 years ago
- The Official Sliver Armory☆80Updated last month
- A ProcessMonitor visualization application written in rust.☆175Updated last year
- MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner.☆190Updated last year
- PoC for using MS Windows printers for persistence / command and control via Internet Printing☆139Updated 4 months ago
- C2 Infrastructure Automation☆82Updated last month
- Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles☆145Updated 8 months ago
- ☆13Updated last year
- ☆181Updated 7 months ago
- Finding secrets in kernel and user memory☆112Updated last year
- The BackupOperatorToolkit contains different techniques allowing you to escalate from Backup Operator to Domain Admin☆164Updated last year
- Active C&C Detector☆148Updated 11 months ago
- GregsBestFriend process injection code created from the White Knight Labs Offensive Development course☆171Updated last year
- A collection of tools, scripts and personal research☆104Updated 2 months ago
- Default Detections for EDR☆94Updated 6 months ago
- Detect EDR's exceptions by inspecting processes' loaded modules☆120Updated 6 months ago
- ☆110Updated 2 years ago
- Signature-based detection of malware features based on Windows API call sequences. It's like YARA for sandbox API traces!☆80Updated last year
- Example code samples from our ScriptBlock Smuggling Blog post☆80Updated 3 months ago
- An interactive shell to spoof some LOLBins command line☆179Updated 7 months ago
- The GPOddity project, aiming at automating GPO attack vectors through NTLM relaying (and more).☆259Updated 11 months ago
- C# implementation of TokenFinder. Steal M365 access tokens from Office Desktop apps☆131Updated last month
- Execute shellcode files with rundll32☆171Updated 7 months ago
- A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.☆301Updated last year