Programmatically create hunting rules for deserialization exploitation with multiple keywords, gadget chains, object types, encodings, and rule types
☆142 · Jun 1, 2023 · Updated 2 years ago
Alternatives and similar repositories for heyserial
Users that are interested in heyserial are comparing it to the libraries listed below
- A simple command line program to help defenders test their detections for network beacon patterns and domain fronting ☆70 · Feb 3, 2022 · Updated 4 years ago
- ☆10 · Oct 25, 2020 · Updated 5 years ago
- A Visual Studio Code Extension agent for Mythic C2 ☆71 · Nov 5, 2024 · Updated last year
- Nim-based assembly packer and shellcode loader for opsec & profit ☆488 · Feb 24, 2023 · Updated 3 years ago
- ☆33 · Feb 26, 2022 · Updated 4 years ago
- ☆39 · Jul 29, 2021 · Updated 4 years ago
- A quick handy script to harvest credentials off of a user during a Red Team and get execution of a file from the user ☆254 · Mar 7, 2022 · Updated 3 years ago
- DEPRECATED, please use the new repository from OWASP: https://github.com/OWASP/raider ☆139 · Sep 14, 2021 · Updated 4 years ago
- Python's handling of NaN is... interesting? broken? This project illustrates the issue ☆13 · Dec 28, 2021 · Updated 4 years ago
- PoC to demonstrate how CLR ETW events can be tampered. ☆192 · Mar 26, 2020 · Updated 5 years ago
- A collection of various and sundry code snippets that leverage .NET dynamic tradecraft ☆145 · May 18, 2024 · Updated last year
- C# alternative to the Linux "cat" command... Prints file contents to console. For use with Cobalt Strike's Execute-Assembly ☆15 · Jul 15, 2021 · Updated 4 years ago
- Aims to identify sleeping beacons ☆662 · Jan 25, 2026 · Updated last month
- Rip Raw is a small tool to analyse the memory of compromised Linux systems. ☆134 · Jan 31, 2022 · Updated 4 years ago
- D/Invoke port of UrbanBishop ☆108 · Jul 19, 2020 · Updated 5 years ago
- Resolve syscall numbers at runtime for all Windows versions. ☆59 · Nov 21, 2024 · Updated last year
- Harvis is designed to automate your C2 Infrastructure. ☆106 · Jul 10, 2022 · Updated 3 years ago
- Collection of Azure Tools to Pull down for Attacking an Environment + quick tips and other useful information ☆77 · Dec 7, 2025 · Updated 2 months ago
- Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load(). ☆218 · Mar 5, 2020 · Updated 5 years ago
- .NET implementation of Cobalt Strike's External C2 Spec ☆89 · Nov 12, 2021 · Updated 4 years ago
- Code and YARA rules to detect and analyze Cobalt Strike ☆272 · May 5, 2021 · Updated 4 years ago
- Automatically create YARA rules from malicious documents. ☆211 · May 16, 2022 · Updated 3 years ago
- Penetration testing utility and antivirus assessment tool. ☆315 · Apr 25, 2023 · Updated 2 years ago
- Collection of tools that reflect the network dimension into Bloodhound's data ☆446 · Oct 19, 2022 · Updated 3 years ago
- Cobalt Strike Beacon configuration extractor and parser. ☆160 · Oct 30, 2025 · Updated 4 months ago
- ☆332 · Dec 8, 2022 · Updated 3 years ago
- FrostByte is a POC project that combines different defense evasion techniques to build better redteam payloads ☆385 · Apr 16, 2022 · Updated 3 years ago
- TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts ☆1,369 · Oct 22, 2025 · Updated 4 months ago
- Service Enumeration C# .NET Assembly ☆58 · Sep 14, 2021 · Updated 4 years ago
- ☆615 · Jun 1, 2023 · Updated 2 years ago
- 🐚ᴠʟᴀɴɢ ʀᴇᴠᴇʀsᴇ sʜᴇʟʟ🐚 ☆11 · Apr 28, 2022 · Updated 3 years ago
- Supporting material for the "Hunting Bugs In The Tropics" DEFCON 30 talk ☆10 · Aug 18, 2022 · Updated 3 years ago
- Extra cmdlets to help with querying security related information from Azure ☆14 · Sep 16, 2024 · Updated last year
- ☆12 · Jul 2, 2023 · Updated 2 years ago
- ☆12 · Jun 22, 2022 · Updated 3 years ago
- Threat Box Assessment Tool ☆19 · Aug 15, 2021 · Updated 4 years ago
- Simple PoC Python agent to showcase Havoc C2's custom agent interface. Not operationally safe or stable. Released with accompanying blog … ☆86 · Nov 8, 2023 · Updated 2 years ago
- Run Sigma detection rules on logs from the new macOS EndpointSecurity Framework ☆22 · Jan 22, 2021 · Updated 5 years ago
- An open source swiss army knife for arbitrary communication over application protocols ☆244 · Dec 10, 2020 · Updated 5 years ago