C2-Matrix-Indicators: This repository aims to collect and document indicators from the different C2s listed in the C2-Matrix (☆74, Jan 26, 2022, updated 4 years ago)
Alternatives and similar repositories for C2-Matrix-Indicators
Users that are interested in C2-Matrix-Indicators are comparing it to the libraries listed below
- (no description) (☆33, Feb 26, 2022, updated 4 years ago)
- A repo for fetching AppLocker event logs by parsing the Windows event log (☆31, Aug 6, 2022, updated 3 years ago)
- Pointer was developed for mass hunting and mapping of Cobalt Strike servers exposed on the internet. (☆68, Apr 12, 2022, updated 3 years ago)
- Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with an improved scoring algorithm. (☆209, Jul 21, 2022, updated 3 years ago)
- A list of JARM hashes for different SSL implementations used by some C2/red team tools. (☆144, Apr 20, 2023, updated 2 years ago)
- (no description) (☆23, Jun 1, 2022, updated 3 years ago)
- Threat Box Assessment Tool (☆19, Mar 5, 2026, updated 2 weeks ago)
- A simple command line program to help defenders test their detections for network beacon patterns and domain fronting (☆70, Feb 3, 2022, updated 4 years ago)
- A collection of sample code used in some experiments with Sliver C2 (☆16, Mar 28, 2023, updated 2 years ago)
- Tools for working with Attack Flow (https://github.com/center-for-threat-informed-defense/attack-flow) (☆44, Jun 6, 2022, updated 3 years ago)
- Citrix Phishlet (☆24, Feb 2, 2021, updated 5 years ago)
- Notification webhook for GoPhish (☆57, Jun 10, 2024, updated last year)
- Collection of tools that reflect the network dimension into BloodHound's data (☆446, Oct 19, 2022, updated 3 years ago)
- The Threat Hunting In Rapid Iterations (THIRI) Jupyter notebook is designed as a research aide to let you rapidly prototype threat huntin… (☆154, Apr 25, 2022, updated 3 years ago)
- WMEye is a post-exploitation tool that uses WMI Event Filter and MSBuild Execution for lateral movement (☆369, Dec 24, 2021, updated 4 years ago)
- A MITRE ATT&CK Lookup Tool (☆46, Apr 25, 2024, updated last year)
- A parser for Windows Defender's DetectionHistory forensic artifact, which contains substantial information about quarantined files and executables. (☆117, Jan 26, 2022, updated 4 years ago)
- MalwareAnalysis (☆12, Dec 19, 2020, updated 5 years ago)
- Cyber Analytics Platform and Examination System (CAPES) Project Page (☆14, Feb 1, 2022, updated 4 years ago)
- Aims to identify sleeping beacons (☆663, Jan 25, 2026, updated last month)
- A repository hosting example goodware evtx logs containing sample software installation and basic user interaction (☆87, Mar 11, 2026, updated last week)
- Create a cool process tree like https://twitter.com/ACEResponder. (☆35, Mar 1, 2023, updated 3 years ago)
- Pure C++, weaponized, fully automated implementation of RottenPotatoNG (☆314, Sep 16, 2021, updated 4 years ago)
- Apply a filter to the events being reported by Windows event logging (☆263, Apr 24, 2021, updated 4 years ago)
- Detection Ideas & Rules repository. (☆178, Sep 10, 2021, updated 4 years ago)
- A collection of tools adversaries commonly use in an attack. (☆14, Nov 23, 2024, updated last year)
- (no description) (☆19, Jan 31, 2025, updated last year)
- A Wireshark plugin to instrument ETW (☆580, Jan 28, 2022, updated 4 years ago)
- (no description) (☆28, Dec 28, 2017, updated 8 years ago)
- Execute Mimikatz with different techniques (☆51, Nov 8, 2021, updated 4 years ago)
- Playing with PEs and Building Structures by Hand (☆22, Apr 21, 2022, updated 3 years ago)
- Another LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in… (☆104, Apr 18, 2022, updated 3 years ago)
- DLL Hijack Search Order Enumeration BOF (☆149, Nov 3, 2021, updated 4 years ago)
- (no description) (☆20, Feb 22, 2021, updated 5 years ago)
- How to set up a local copy of Have-I-Been-Pwned's password checking service (☆21, Aug 19, 2021, updated 4 years ago)
- (no description) (☆51, Jun 28, 2022, updated 3 years ago)
- Vampire is an Aggressor script which integrates with BloodHound to mark nodes as owned. (☆79, Apr 6, 2021, updated 4 years ago)
- A post-exploitation strategy for persistence and egress from networks utilizing authenticated web proxies (☆34, Sep 15, 2022, updated 3 years ago)
- A dataset of phishing kits in the wild (☆15, Jun 1, 2024, updated last year)