Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles
☆187Mar 17, 2026Updated last week
Alternatives and similar repositories for dissect.cobaltstrike
Users that are interested in dissect.cobaltstrike are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Open Dataset of Cobalt Strike Beacon metadata (2018-2022)☆133Mar 28, 2022Updated 3 years ago
- ☆1,134Dec 19, 2023Updated 2 years ago
- CobaltWhispers is an aggressor script that utilizes a collection of Beacon Object Files (BOF) for Cobalt Strike to perform process inject…☆242Jan 4, 2023Updated 3 years ago
- Hunts out CobaltStrike beacons and logs operator command output☆951Sep 4, 2024Updated last year
- This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python withou…☆187Aug 3, 2025Updated 7 months ago
- Aggressorscript that turns the headless aggressor client into a (mostly) functional cobalt strike client.☆147Sep 8, 2022Updated 3 years ago
- Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.☆283Feb 8, 2024Updated 2 years ago
- An example of how a driver can register a handle creation callback.☆16Jun 12, 2023Updated 2 years ago
- Golang reverse proxy with CobaltStrike malleable profile validation.☆109Jan 19, 2023Updated 3 years ago
- ☆36Jan 11, 2023Updated 3 years ago
- A BOF to determine Windows Defender exclusions.☆253Jun 25, 2023Updated 2 years ago
- Move CS beacon to GPU memory when sleeping☆251Nov 19, 2021Updated 4 years ago
- Code snippets to add on top of cobalt strike sleepmask kit so that ekko can work in a CFG protected process☆49Mar 15, 2023Updated 3 years ago
- Winsocket for Cobalt Strike.☆104Jul 6, 2023Updated 2 years ago
- ☆451Aug 4, 2021Updated 4 years ago
- Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind☆483Jul 12, 2023Updated 2 years ago
- ☆620Jul 21, 2025Updated 8 months ago
- CobaltStrike beacon in rust☆207Aug 10, 2024Updated last year
- A PoC implementation for dynamically masking call stacks with timers.☆308Feb 13, 2023Updated 3 years ago
- Scan files or process memory for CobaltStrike beacons and parse their configuration☆921Aug 19, 2021Updated 4 years ago
- Cobalt Strike BOF for quser.exe implementation using Windows API☆87Mar 22, 2023Updated 3 years ago
- A .NET Runtime for Cobalt Strike's Beacon Object Files☆772Sep 4, 2024Updated last year
- Hiding shellcode in plain sight within a large memory region. Inspired by technique used by Raspberry Robin's Roshtyak☆211Nov 12, 2025Updated 4 months ago
- AutoStart teamserver and listeners with services☆75Dec 23, 2021Updated 4 years ago
- InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assem…☆742Jul 22, 2023Updated 2 years ago
- A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables.☆117Jan 26, 2022Updated 4 years ago
- A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!☆335Jul 20, 2024Updated last year
- ☆164Apr 25, 2022Updated 3 years ago
- Remove API hooks from a Beacon process.☆282Sep 18, 2021Updated 4 years ago
- Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that b…☆220Jul 14, 2021Updated 4 years ago
- Detect and respond to Cobalt Strike beacons using ETW.☆516Jul 15, 2022Updated 3 years ago
- This aggressor script uses a beacon's note field to indicate the health status of a beacon.☆141Sep 29, 2021Updated 4 years ago
- Cobalt Strike UDRL for memory scanner evasion.☆1,008Jun 4, 2024Updated last year
- Credential Guard Bypass Via Patching Wdigest Memory☆337Feb 3, 2023Updated 3 years ago
- Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions☆95Mar 8, 2023Updated 3 years ago
- A list of JARM hashes for different ssl implementations used by some C2/red team tools.☆144Apr 20, 2023Updated 2 years ago
- A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techni…☆1,374Oct 27, 2023Updated 2 years ago
- A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.☆220May 3, 2023Updated 2 years ago
- Cobalt Strike Beacon Object Files☆167May 2, 2022Updated 3 years ago