Programmatically create hunting rules for deserialization exploitation with multiple keywords, gadget chains, object types, encodings, and rule types
☆142 · Jun 1, 2023 · Updated 2 years ago
Alternatives and similar repositories for heyserial
Users that are interested in heyserial are comparing it to the libraries listed below.
- A simple command line program to help defenders test their detections for network beacon patterns and domain fronting ☆70 · Feb 3, 2022 · Updated 4 years ago
- Python's handling of NaN is....interesting?broken?...this project illustrates the issue ☆13 · Dec 28, 2021 · Updated 4 years ago
- DEPRECATED, please use the new repository from OWASP: https://github.com/OWASP/raider ☆139 · Sep 14, 2021 · Updated 4 years ago
- ☆33 · Feb 26, 2022 · Updated 4 years ago
- C# alternative to the linux "cat" command... Prints file contents to console. For use with Cobalt Strike's Execute-Assembly ☆15 · Jul 15, 2021 · Updated 4 years ago
- Nim-based assembly packer and shellcode loader for opsec & profit ☆488 · Feb 24, 2023 · Updated 3 years ago
- ☆39 · Jul 29, 2021 · Updated 4 years ago
- Rip Raw is a small tool to analyse the memory of compromised Linux systems. ☆133 · Jan 31, 2022 · Updated 4 years ago
- Threat Box Assessment Tool ☆19 · Mar 5, 2026 · Updated 2 weeks ago
- Pointer was developed for massive hunting and mapping Cobalt Strike servers exposed on the internet. ☆68 · Apr 12, 2022 · Updated 3 years ago
- A Visual Studio Code Extension agent for Mythic C2 ☆72 · Nov 5, 2024 · Updated last year
- 🐚ᴠʟᴀɴɢ ʀᴇᴠᴇʀsᴇ sʜᴇʟʟ🐚 ☆11 · Apr 28, 2022 · Updated 3 years ago
- A quick handy script to harvest credentials off of a user during a Red Team and get execution of a file from the user ☆253 · Mar 7, 2022 · Updated 4 years ago
- Collection of Azure Tools to Pull down for Attacking an Environment + quick tips and other useful information ☆78 · Dec 7, 2025 · Updated 3 months ago
- DInvisibleRegistry ☆83 · Nov 20, 2020 · Updated 5 years ago
- The Threat Hunting In Rapid Iterations (THIRI) Jupyter notebook is designed as a research aide to let you rapidly prototype threat huntin… ☆154 · Apr 25, 2022 · Updated 3 years ago
- PoC to demonstrate how CLR ETW events can be tampered. ☆192 · Mar 26, 2020 · Updated 5 years ago
- Run Sigma detection rules on logs from the new MacOS EndpointSecurity Framework ☆22 · Jan 22, 2021 · Updated 5 years ago
- A collection of various and sundry code snippets that leverage .NET dynamic tradecraft ☆145 · May 18, 2024 · Updated last year
- This repository aims to collect and document indicators from the different C2's listed in the C2-Matrix ☆74 · Jan 26, 2022 · Updated 4 years ago
- .NET implementation of Cobalt Strike's External C2 Spec ☆89 · Nov 12, 2021 · Updated 4 years ago
- D/Invoke port of UrbanBishop ☆108 · Jul 19, 2020 · Updated 5 years ago
- ☆614 · Jun 1, 2023 · Updated 2 years ago
- Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load(). ☆219 · Mar 5, 2020 · Updated 6 years ago
- Collection of tools that reflect the network dimension into Bloodhound's data ☆446 · Oct 19, 2022 · Updated 3 years ago
- official repo for the AdHuntTool (part of the old RedTeamCSharpScripts repo) ☆233 · Jun 10, 2022 · Updated 3 years ago
- Code and yara rules to detect and analyze Cobalt Strike ☆272 · May 5, 2021 · Updated 4 years ago
- WhoAmI by asking the LDAP service on a domain controller. ☆65 · Feb 8, 2022 · Updated 4 years ago
- Adaptive DLL hijacking / dynamic export forwarding ☆807 · Jul 6, 2020 · Updated 5 years ago
- Harvis is designed to automate your C2 Infrastructure. ☆106 · Jul 10, 2022 · Updated 3 years ago
- Automatically create YARA rules from malicious documents. ☆211 · May 16, 2022 · Updated 3 years ago
- Resolve syscall numbers at runtime for all Windows versions. ☆59 · Nov 21, 2024 · Updated last year
- Aims to identify sleeping beacons ☆663 · Jan 25, 2026 · Updated last month
- ☆10 · Oct 25, 2020 · Updated 5 years ago
- ADExplorerSnapshot.py is an AD Explorer snapshot parser. It is made as an ingestor for BloodHound via BOFHound, and also supports full-ob… ☆1,063 · Jan 22, 2026 · Updated 2 months ago
- CloudFlare Worker Shell ☆14 · Aug 29, 2020 · Updated 5 years ago
- web application pentesting tools for docker ☆17 · Aug 9, 2022 · Updated 3 years ago
- ☆13 · Dec 29, 2022 · Updated 3 years ago
- Ansible playbooks for instrumenting a Red Team environment with RedElk ☆52 · Oct 6, 2020 · Updated 5 years ago