MichaelKoczwara/Awesome-CobaltStrike-Defence external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

MichaelKoczwara/Awesome-CobaltStrike-Defence

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/MichaelKoczwara/Awesome-CobaltStrike-Defence)

Close

MichaelKoczwara / Awesome-CobaltStrike-DefenceView on GitHubMore

• External links
• Readme badge

Defences against Cobalt Strike

☆1,296Jul 14, 2022Updated 3 years ago

Alternatives and similar repositories for Awesome-CobaltStrike-Defence

Users that are interested in Awesome-CobaltStrike-Defence are comparing it to the libraries listed below

• Apr4h / CobaltStrikeScan

  View on GitHub
  Scan files or process memory for CobaltStrike beacons and parse their configuration
  ☆922Aug 19, 2021Updated 4 years ago
• Sentinel-One / CobaltStrikeParser

  View on GitHub
  ☆1,132Dec 19, 2023Updated 2 years ago
• CCob / BeaconEye

  View on GitHub
  Hunts out CobaltStrike beacons and logs operator command output
  ☆950Sep 4, 2024Updated last year
• whickey-r7 / grab_beacon_config

  View on GitHub
  ☆451Aug 4, 2021Updated 4 years ago
• sbousseaden / EVTX-ATTACK-SAMPLES

  View on GitHub
  Windows Events Attack Samples
  ☆2,517Jan 24, 2023Updated 3 years ago
• 3lp4tr0n / BeaconHunter

  View on GitHub
  Detect and respond to Cobalt Strike beacons using ETW.
  ☆516Jul 15, 2022Updated 3 years ago
• zer0yu / Awesome-CobaltStrike

  View on GitHub
  List of Awesome CobaltStrike Resources
  ☆4,386Sep 20, 2023Updated 2 years ago
• Te-k / cobaltstrike

  View on GitHub
  Code and yara rules to detect and analyze Cobalt Strike
  ☆272May 5, 2021Updated 4 years ago
• Mr-Un1k0d3r / EDRs

  View on GitHub
  ☆2,168Feb 21, 2023Updated 3 years ago
• optiv / ScareCrow

  View on GitHub
  ScareCrow - Payload creation framework designed around EDR bypass.
  ☆2,876Aug 18, 2023Updated 2 years ago
• mgeeky / RedWarden

  View on GitHub
  Cobalt Strike C2 Reverse proxy that fends off Blue Teams, AVs, EDRs, scanners through packet inspection and malleable profile correlation
  ☆991Oct 7, 2022Updated 3 years ago
• ahmedkhlief / APT-Hunter

  View on GitHub
  APT-Hunter is Threat Hunting tool for windows event logs which made by purple team mindset to provide detect APT movements hidden in the …
  ☆1,402Nov 7, 2024Updated last year
• mgeeky / cobalt-arsenal

  View on GitHub
  My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+
  ☆1,097Apr 19, 2023Updated 2 years ago
• blackorbird / APT_REPORT

  View on GitHub
  Interesting APT Report Collection And Some Special IOCs
  ☆2,929Updated this week
• threatexpress / malleable-c2

  View on GitHub
  Cobalt Strike Malleable C2 Design and Reference Guide
  ☆1,751Dec 13, 2023Updated 2 years ago
• OTRF / Security-Datasets

  View on GitHub
  Re-play Security Events
  ☆1,725Mar 20, 2024Updated last year
• bats3c / shad0w

  View on GitHub
  A post exploitation framework designed to operate covertly on heavily monitored environments
  ☆2,168Sep 29, 2021Updated 4 years ago
• NextronSystems / APTSimulator

  View on GitHub
  A toolset to make a system look as if it was the victim of an APT attack
  ☆2,714Sep 23, 2025Updated 5 months ago
• RedSiege / C2concealer

  View on GitHub
  C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.
  ☆1,097Jun 25, 2024Updated last year
• ReversecLabs / C3

  View on GitHub
  Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing…
  ☆1,729Jan 16, 2026Updated last month
• byt3bl33d3r / pyMalleableC2

  View on GitHub
  Python interpreter for Cobalt Strike Malleable C2 Profiles. Allows you to parse, build and modify them programmatically.
  ☆284Oct 29, 2024Updated last year
• 0xrawsec / whids

  View on GitHub
  Open Source EDR for Windows
  ☆1,297Feb 25, 2023Updated 3 years ago
• OTRF / ThreatHunter-Playbook

  View on GitHub
  A community-driven, open-source project to share detection logic, adversary tradecraft and resources to make detection development more e…
  ☆4,492Jan 12, 2026Updated last month
• jthuraisamy / SysWhispers2

  View on GitHub
  AV/EDR evasion via direct system calls.
  ☆1,795Sep 3, 2022Updated 3 years ago
• S1ckB0y1337 / Cobalt-Strike-CheatSheet

  View on GitHub
  Some notes and examples for cobalt strike's functionality
  ☆1,128Feb 8, 2022Updated 4 years ago
• boku7 / BokuLoader

  View on GitHub
  A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!
  ☆1,400Nov 22, 2023Updated 2 years ago
• CCob / SharpBlock

  View on GitHub
  A method of bypassing EDR's active projection DLL's by preventing entry point exection
  ☆1,163Mar 31, 2021Updated 4 years ago
• RCStep / CSSG

  View on GitHub
  Cobalt Strike Shellcode Generator
  ☆669Jan 8, 2025Updated last year
• ethereal-vx / Antivirus-Artifacts

  View on GitHub
  Anti-virus artifacts. Listing APIs hooked by: Avira, BitDefender, F-Secure, MalwareBytes, Norton, TrendMicro, and WebRoot.
  ☆754Nov 16, 2021Updated 4 years ago
• WithSecureLabs / chainsaw

  View on GitHub
  Rapidly Search and Hunt through Windows Forensic Artefacts
  ☆3,467Mar 2, 2026Updated last week
• bluscreenofjeff / Red-Team-Infrastructure-Wiki

  View on GitHub
  Wiki to collect Red Team infrastructure hardening resources
  ☆4,454Oct 1, 2025Updated 5 months ago
• cobbr / Covenant

  View on GitHub
  Covenant is a collaborative .NET C2 framework for red teamers.
  ☆4,625Jul 18, 2024Updated last year
• rabobank-cdc / DeTTECT

  View on GitHub
  Detect Tactics, Techniques & Combat Threats
  ☆2,268Jan 21, 2026Updated last month
• ScarredMonk / SysmonSimulator

  View on GitHub
  Sysmon event simulation utility which can be used to simulate the attacks to generate the Sysmon Event logs for testing the EDR detection…
  ☆864Jan 20, 2022Updated 4 years ago
• olafhartong / sysmon-modular

  View on GitHub
  A repository of sysmon configuration modules
  ☆2,987Aug 21, 2024Updated last year
• clong / DetectionLab

  View on GitHub
  Automate the creation of a lab environment complete with security tooling and logging best practices
  ☆4,909Jul 6, 2024Updated last year
• mandiant / red_team_tool_countermeasures

  View on GitHub
  ☆2,665Mar 5, 2024Updated 2 years ago
• gloxec / CrossC2

  View on GitHub
  generate CobaltStrike's cross-platform payload
  ☆2,544Nov 20, 2023Updated 2 years ago
• darkr4y / geacon

  View on GitHub
  Practice Go programming and implement CobaltStrike's Beacon in Go
  ☆1,262Oct 2, 2020Updated 5 years ago