Te-k / cobaltstrike
Code and yara rules to detect and analyze Cobalt Strike
☆263Updated 3 years ago
Related projects ⓘ
Alternatives and complementary repositories for cobaltstrike
- ☆446Updated 3 years ago
- Tool based on CobaltStrikeParser from SentinelOne which can be used to spam a CobaltStrike server with fake beacons☆367Updated 3 years ago
- Cobalt Strike Beacon configuration extractor and parser.☆145Updated 3 years ago
- ☆130Updated 9 months ago
- A Cobalt Strike Scanner that retrieves detected Team Server beacons into a JSON object☆164Updated 2 years ago
- Detect and respond to Cobalt Strike beacons using ETW.☆481Updated 2 years ago
- Scan files or process memory for CobaltStrike beacons and parse their configuration☆900Updated 3 years ago
- A collection of scripts for dealing with Cobalt Strike beacons in Python☆167Updated 3 years ago
- ☆1,021Updated 10 months ago
- Sigma rules from Joe Security☆203Updated this week
- PCAP Samples for Different Post Exploitation Techniques☆344Updated 3 years ago
- Open Dataset of Cobalt Strike Beacon metadata (2018-2022)☆122Updated 2 years ago
- Automatically created C2 Feeds☆529Updated this week
- A repository that maps commonly used attacks using MSRPC protocols to ATT&CK☆308Updated last year
- RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.☆241Updated last year
- Active C2 IoCs☆96Updated last year
- Hunts out CobaltStrike beacons and logs operator command output☆884Updated 2 months ago
- An easy ATT&CK-based Sysmon hunting tool, showing in Blackhat USA 2019 Arsenal☆202Updated 2 years ago
- IOC from articles, tweets for archives☆310Updated 10 months ago
- ☆525Updated 11 months ago
- Place for resources used during the Mordor Detection hackathon event featuring APT29 ATT&CK evals datasets☆132Updated 4 years ago
- Scripts for performing and detecting parent PID spoofing☆138Updated 4 years ago
- Run shellcode from resource☆253Updated 3 years ago
- Excel Macro Document Reader/Writer for Red Teamers & Analysts☆514Updated 2 years ago
- Digital forensic acquisition tool for Windows based incident response.☆334Updated 6 months ago
- Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles☆146Updated 3 weeks ago
- Test the accuracy of Endpoint Detection and Response (EDR) software with simple script which executes various ATT&CK/LOLBAS/Invoke-Cradle…☆289Updated 3 years ago
- Load any Beacon Object File using Powershell!☆245Updated 2 years ago
- Live forensic artifacts collector☆160Updated 4 months ago
- Project for identifying executables that have command-line options that can be obfuscated, possibly bypassing detection rules.☆138Updated 3 years ago