RomanEmelyanov/CobaltStrikeForensic external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

RomanEmelyanov/CobaltStrikeForensic

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/RomanEmelyanov/CobaltStrikeForensic)

Close

RomanEmelyanov / CobaltStrikeForensicView on GitHubMore

• External links
• Readme badge

Toolset for research malware and Cobalt Strike beacons

☆211Mar 11, 2025Updated last year

Alternatives and similar repositories for CobaltStrikeForensic

Users that are interested in CobaltStrikeForensic are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• Sentinel-One / CobaltStrikeParser

  View on GitHub
  ☆1,133Dec 19, 2023Updated 2 years ago
• Apr4h / CobaltStrikeScan

  View on GitHub
  Scan files or process memory for CobaltStrike beacons and parse their configuration
  ☆920Aug 19, 2021Updated 4 years ago
• Te-k / cobaltstrike

  View on GitHub
  Code and yara rules to detect and analyze Cobalt Strike
  ☆273May 5, 2021Updated 4 years ago
• StrangerealIntel / CyberThreatIntel

  View on GitHub
  Analysis of malware and Cyber Threat Intel of APT and cybercriminals groups
  ☆725Dec 26, 2022Updated 3 years ago
• whickey-r7 / grab_beacon_config

  View on GitHub
  ☆451Aug 4, 2021Updated 4 years ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
• Cobalt-Strike / beacon_health_check

  View on GitHub
  This aggressor script uses a beacon's note field to indicate the health status of a beacon.
  ☆141Sep 29, 2021Updated 4 years ago
• qigpig / bypass-beacon-config-scan

  View on GitHub
  Bypass cobaltstrike beacon config scan
  ☆85May 24, 2021Updated 4 years ago
• offsecginger / AES-PowerShellCode

  View on GitHub
  Standalone version of my AES Powershell payload for Cobalt Strike.
  ☆111Dec 27, 2019Updated 6 years ago
• b4rtik / RedPeanut

  View on GitHub
  RedPeanut is a small RAT developed in .Net Core 2 and its agent in .Net 3.5 / 4.0.
  ☆330Jul 7, 2023Updated 2 years ago
• beahunt3r / Windows-Hunting

  View on GitHub
  ☆349Mar 19, 2021Updated 5 years ago
• nccgroup / pybeacon

  View on GitHub
  A collection of scripts for dealing with Cobalt Strike beacons in Python
  ☆169Jan 5, 2021Updated 5 years ago
• dcsync / pycobalt

  View on GitHub
  Cobalt Strike Python API
  ☆304Jan 27, 2022Updated 4 years ago
• harleyQu1nn / AggressorScripts

  View on GitHub
  Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources
  ☆1,528Jun 30, 2023Updated 2 years ago
• v-p-b / cve-2019-12750

  View on GitHub
  sploit
  ☆67Dec 21, 2019Updated 6 years ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
• hekadan / CVE-2019-7609

  View on GitHub
  ☆21Dec 1, 2019Updated 6 years ago
• rvrsh3ll / CPLResourceRunner

  View on GitHub
  Run shellcode from resource
  ☆259Dec 13, 2020Updated 5 years ago
• JPCERTCC / MalConfScan

  View on GitHub
  Volatility plugin for extracts configuration data of known malware
  ☆494Dec 22, 2023Updated 2 years ago
• MichaelKoczwara / Awesome-CobaltStrike-Defence

  View on GitHub
  Defences against Cobalt Strike
  ☆1,297Jul 14, 2022Updated 3 years ago
• sbousseaden / EVTX-ATTACK-SAMPLES

  View on GitHub
  Windows Events Attack Samples
  ☆2,549Jan 24, 2023Updated 3 years ago
• outflanknl / Excel4-DCOM

  View on GitHub
  PowerShell and Cobalt Strike scripts for lateral movement using Excel 4.0 / XLM macros via DCOM (direct shellcode injection in Excel.exe)
  ☆328Mar 26, 2019Updated 7 years ago
• mhaskar / shellcode-process-injection

  View on GitHub
  Simple C implementation to perform shellcode process injection via win32 APIs
  ☆63Jan 2, 2020Updated 6 years ago
• malware-unicorn / MacOS_VBA_Macro

  View on GitHub
  Example VBA Macro for MacOS Mojave
  ☆67Oct 31, 2018Updated 7 years ago
• mgreen27 / Invoke-LiveResponse

  View on GitHub
  Invoke-LiveResponse
  ☆150Feb 22, 2022Updated 4 years ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
• rasta-mouse / AsyncNamedPipes

  View on GitHub
  Send and receive messages over Named Pipes asynchronously.
  ☆39Sep 17, 2021Updated 4 years ago
• fox-it / cobaltstrike-extraneous-space

  View on GitHub
  Historical list of {Cobalt Strike,NanoHTTPD} servers
  ☆121Apr 30, 2019Updated 6 years ago
• killswitch-GUI / CobaltStrike-ToolKit

  View on GitHub
  Some useful scripts for CobaltStrike
  ☆856Dec 17, 2020Updated 5 years ago
• Mr-Un1k0d3r / RemoteProcessInjection

  View on GitHub
  C# remote process injection utility for Cobalt Strike
  ☆88Mar 9, 2020Updated 6 years ago
• Mr-Un1k0d3r / PowerLessShell

  View on GitHub
  Run PowerShell command without invoking powershell.exe
  ☆1,548Apr 9, 2026Updated last week
• med0x2e / NoAmci

  View on GitHub
  Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load().
  ☆219Mar 5, 2020Updated 6 years ago
• sorasuzukidev / ethereum-bnb-mev-bot

  View on GitHub
  🔵 Ethereum and BNB (BSC) Mev bot - Arbitrage
  ☆362Mar 4, 2026Updated last month
• randomuserid / Adama

  View on GitHub
  Searches For Threat Hunting and Security Analytics
  ☆239Mar 26, 2025Updated last year
• curi0usJack / rubeus2ccache

  View on GitHub
  Extracts all base64 ticket data from a rubeus /dump file and converts the tickets to ccache files for easy use with other tools.
  ☆66Oct 3, 2020Updated 5 years ago
• Serverless GPU API endpoints on Runpod - Bonus Credits • Ad
  Skip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
• outflanknl / Spray-AD

  View on GitHub
  A Cobalt Strike tool to audit Active Directory user accounts for weak, well known or easy guessable passwords.
  ☆442Apr 1, 2022Updated 4 years ago
• Mr-Un1k0d3r / PoisonHandler

  View on GitHub
  lateral movement techniques that can be used during red team exercises
  ☆278Jan 13, 2020Updated 6 years ago
• outflanknl / Ps-Tools

  View on GitHub
  Ps-Tools, an advanced process monitoring toolkit for offensive operations
  ☆354Dec 1, 2020Updated 5 years ago
• rasta-mouse / TikiTorch

  View on GitHub
  Process Injection
  ☆767Oct 24, 2021Updated 4 years ago
• outflanknl / Recon-AD

  View on GitHub
  Recon-AD, an AD recon tool based on ADSI and reflective DLL’s
  ☆331Oct 20, 2019Updated 6 years ago
• swisscom / PowerSponse

  View on GitHub
  PowerSponse is a PowerShell module focused on targeted containment and remediation during incident response.
  ☆40Mar 18, 2022Updated 4 years ago
• 001SPARTaN / aggressor_scripts

  View on GitHub
  A collection of useful scripts for Cobalt Strike
  ☆173Aug 15, 2024Updated last year