Open Dataset of Cobalt Strike Beacon metadata (2018-2022)
☆ 133, Mar 28, 2022, updated 3 years ago
Alternatives and similar repositories for cobaltstrike-beacon-data
Users interested in cobaltstrike-beacon-data are comparing it to the repositories listed below.
- Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles (☆ 186, Jun 23, 2025, updated 8 months ago)
- Threat Box Assessment Tool (☆ 19, Aug 15, 2021, updated 4 years ago)
- Automatically created C2 Feeds (☆ 666, updated this week)
- Code and YARA rules to detect and analyze Cobalt Strike (☆ 272, May 5, 2021, updated 4 years ago)
- YARA rules (☆ 22, Mar 27, 2023, updated 2 years ago)
- A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables (☆ 117, Jan 26, 2022, updated 4 years ago)
- The Threat Hunting In Rapid Iterations (THIRI) Jupyter notebook is designed as a research aide to let you rapidly prototype threat huntin… (☆ 154, Apr 25, 2022, updated 3 years ago)
- Hunts out CobaltStrike beacons and logs operator command output (☆ 950, Sep 4, 2024, updated last year)
- Initial triage of Windows Event logs (☆ 106, Jun 16, 2024, updated last year)
- YARI is an interactive debugger for the YARA language (☆ 90, Sep 10, 2025, updated 5 months ago)
- A simple way of detecting multithreaded exfiltration in Zeek (☆ 15, May 1, 2025, updated 10 months ago)
- Defences against Cobalt Strike (☆ 1,296, Jul 14, 2022, updated 3 years ago)
- Active C2 IoCs (☆ 99, Nov 28, 2022, updated 3 years ago)
- A collection of tips for using MISP (☆ 76, Dec 11, 2024, updated last year)
- A repository containing the research output from my GCFE Gold Paper, which compared Windows 10 and Windows 11 (☆ 27, Jul 27, 2022, updated 3 years ago)
- Repository to provide files related to our blog articles (☆ 16, May 26, 2025, updated 9 months ago)
- Rip Raw is a small tool to analyse the memory of compromised Linux systems (☆ 134, Jan 31, 2022, updated 4 years ago)
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction (☆ 86, Dec 17, 2025, updated 2 months ago)
- macOS Artifact Intelligence Tool (☆ 13, Apr 30, 2019, updated 6 years ago)
- Sysmon-like research tool for ETW (☆ 386, Nov 15, 2022, updated 3 years ago)
- Scan files or process memory for CobaltStrike beacons and parse their configuration (☆ 922, Aug 19, 2021, updated 4 years ago)
- MAL-CL (Malicious Command-Line) (☆ 322, Jan 10, 2023, updated 3 years ago)
- APT-Hunter is a threat hunting tool for Windows event logs, made with a purple-team mindset, to detect APT movements hidden in the … (☆ 1,402, Nov 7, 2024, updated last year)
- Depending on the AV/EPP/EDR, creating a Task Scheduler job with a default cradle is often flagged (☆ 89, Jul 7, 2022, updated 3 years ago)
- A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techni… (☆ 1,370, Oct 27, 2023, updated 2 years ago)
- Misc Threat Hunting Resources (☆ 377, Jan 26, 2023, updated 3 years ago)
- Tool based on CobaltStrikeParser from SentinelOne which can be used to spam a CobaltStrike server with fake beacons (☆ 370, Sep 29, 2025, updated 5 months ago)
- Evtx Log (XML) Browser (☆ 56, Mar 12, 2023, updated 2 years ago)
- This repository aims to collect and document indicators from the different C2s listed in the C2-Matrix (☆ 74, Jan 26, 2022, updated 4 years ago)
- Aggressor Script that turns the headless aggressor client into a (mostly) functional Cobalt Strike client (☆ 147, Sep 8, 2022, updated 3 years ago)
- A standalone Sigma-based detection tool for EVTX, Auditd and Sysmon for Linux logs (☆ 785, Feb 22, 2026, updated last week)
- Windows Event Log "Microsoft-Windows-Partition%4Diagnostic.evtx" parser and devices' VSNs extractor (☆ 20, Nov 28, 2023, updated 2 years ago)