Te-k / cobaltstrikeLinks
Code and yara rules to detect and analyze Cobalt Strike
☆269Updated 4 years ago
Alternatives and similar repositories for cobaltstrike
Users that are interested in cobaltstrike are comparing it to the libraries listed below
Sorting:
- Cobalt Strike Beacon configuration extractor and parser.☆154Updated 3 years ago
- ☆452Updated 3 years ago
- Detect and respond to Cobalt Strike beacons using ETW.☆504Updated 3 years ago
- A Cobalt Strike Scanner that retrieves detected Team Server beacons into a JSON object☆168Updated 2 years ago
- Open Dataset of Cobalt Strike Beacon metadata (2018-2022)☆125Updated 3 years ago
- Beta versions of my software☆259Updated last month
- Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles☆173Updated last month
- PCAP Samples for Different Post Exploitation Techniques☆363Updated 4 years ago
- Tool based on CobaltStrikeParser from SentinelOne which can be used to spam a CobaltStrike server with fake beacons☆371Updated 3 years ago
- Setup scripts for my Malware Analysis VMs☆254Updated 3 years ago
- A collection of scripts for dealing with Cobalt Strike beacons in Python☆168Updated 4 years ago
- RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.☆283Updated last year
- ☆130Updated last year
- A repository that maps commonly used attacks using MSRPC protocols to ATT&CK☆333Updated 2 years ago
- ☆547Updated last year
- Scan files or process memory for CobaltStrike beacons and parse their configuration☆913Updated 3 years ago
- Live forensic artifacts collector☆168Updated last year
- A list of JARM hashes for different ssl implementations used by some C2/red team tools.☆140Updated 2 years ago
- Signature engine for all your logs☆171Updated last year
- Active C2 IoCs☆99Updated 2 years ago
- Digital forensic acquisition tool for Windows based incident response.☆344Updated last year
- IOC from articles, tweets for archives☆315Updated last year
- Parses amcache.hve files, but with a twist!☆140Updated 6 months ago
- Test the accuracy of Endpoint Detection and Response (EDR) software with simple script which executes various ATT&CK/LOLBAS/Invoke-Cradle…☆309Updated 3 years ago
- Evtx to Splunk ingestor☆15Updated 3 years ago
- Project for identifying executables that have command-line options that can be obfuscated, possibly bypassing detection rules.☆177Updated 6 months ago
- c2 traffic☆189Updated 2 years ago
- Sysmon EDR POC Build within Powershell to prove ability.☆226Updated 4 years ago
- Toolset for research malware and Cobalt Strike beacons☆211Updated 4 months ago
- ☆1,081Updated last year