nasbench/C2-Matrix-Indicators external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

nasbench/C2-Matrix-Indicators

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/nasbench/C2-Matrix-Indicators)

Close

nasbench / C2-Matrix-IndicatorsView on GitHubMore

• External links
• Readme badge

This repository aims to collect and document indicators from the different C2's listed in the C2-Matrix

☆74Jan 26, 2022Updated 4 years ago

Alternatives and similar repositories for C2-Matrix-Indicators

Users that are interested in C2-Matrix-Indicators are comparing it to the libraries listed below

• woanware / etw-event-dumper

  View on GitHub
  ☆33Feb 26, 2022Updated 4 years ago
• shabarkin / pointer

  View on GitHub
  Pointer was developed for massive hunting and mapping Cobalt Strike servers exposed on the internet.
  ☆69Apr 12, 2022Updated 3 years ago
• cedowens / C2-JARM

  View on GitHub
  A list of JARM hashes for different ssl implementations used by some C2/red team tools.
  ☆144Apr 20, 2023Updated 2 years ago
• Cyb3r-Monk / RITA-J

  View on GitHub
  Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm.
  ☆208Jul 21, 2022Updated 3 years ago
• DominicBreuker / SliverSamples

  View on GitHub
  A collection of sample code used in some experiments with Sliver C2
  ☆16Mar 28, 2023Updated 2 years ago
• zeronetworks / BloodHound-Tools

  View on GitHub
  Collection of tools that reflect the network dimension into Bloodhound's data
  ☆446Oct 19, 2022Updated 3 years ago
• t94j0 / gophish-notifier

  View on GitHub
  Notification webhook for GoPhish
  ☆57Jun 10, 2024Updated last year
• t3hbb / citrixphishlet

  View on GitHub
  Citrix Phishlet
  ☆24Feb 2, 2021Updated 5 years ago
• mandiant / thiri-notebook

  View on GitHub
  The Threat Hunting In Rapid Iterations (THIRI) Jupyter notebook is designed as a research aide to let you rapidly prototype threat huntin…
  ☆154Apr 25, 2022Updated 3 years ago
• RomaissaAdjailia / Get-AppLockerEventlog

  View on GitHub
  This is a repo for fetching Applocker event log by parsing the win-event log
  ☆31Aug 6, 2022Updated 3 years ago
• vz-risk / flow

  View on GitHub
  Tools related to work with Attack Flow (https://github.com/center-for-threat-informed-defense/attack-flow)
  ☆44Jun 6, 2022Updated 3 years ago
• pwn1sher / WMEye

  View on GitHub
  WMEye is a post exploitation tool that uses WMI Event Filter and MSBuild Execution for lateral movement
  ☆369Dec 24, 2021Updated 4 years ago
• OllieJC / tbat

  View on GitHub
  Threat Box Assessment Tool
  ☆19Aug 15, 2021Updated 4 years ago
• mubix / local-hibp

  View on GitHub
  How to set up a local copy of Have-I-Been-Pwned's password checking service
  ☆21Aug 19, 2021Updated 4 years ago
• dsnezhkov / elfpack

  View on GitHub
  ☆50Jun 28, 2022Updated 3 years ago
• Octoberfest7 / Proxy_Egress_Persistence

  View on GitHub
  A post-exploitation strategy for persistence and egress from networks utilizing authenticated web proxies
  ☆34Sep 15, 2022Updated 3 years ago
• ACE-Responder / ace-proctree

  View on GitHub
  Create a cool process tree like https://twitter.com/ACEResponder.
  ☆35Mar 1, 2023Updated 3 years ago
• ValcanK / HomeLab

  View on GitHub
  ☆20Feb 22, 2021Updated 5 years ago
• djhohnstein / HookDetector

  View on GitHub
  Playing with PE's and Building Structures by Hand
  ☆22Apr 21, 2022Updated 3 years ago
• klezVirus / CandyPotato

  View on GitHub
  Pure C++, weaponized, fully automated implementation of RottenPotatoNG
  ☆313Sep 16, 2021Updated 4 years ago
• boku7 / whereami

  View on GitHub
  Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL…
  ☆183Mar 13, 2023Updated 2 years ago
• jonny-jhnson / Windows-API-To-Sysmon-Events

  View on GitHub
  A repository that maps API calls to Sysmon Event ID's.
  ☆121Nov 14, 2022Updated 3 years ago
• jklepsercyber / defender-detectionhistory-parser

  View on GitHub
  A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables.
  ☆117Jan 26, 2022Updated 4 years ago
• Raikia / SharpStat

  View on GitHub
  C# utility that uses WMI to run "cmd.exe /c netstat -n", save the output to a file, then use SMB to read and delete the file remotely
  ☆38Jan 3, 2020Updated 6 years ago
• mwnickerson / bloodhound_mcp

  View on GitHub
  A Model Context Protocol (MCP) server to converse with data in Bloodhound
  ☆60Updated this week
• asaurusrex / DoppelGate

  View on GitHub
  DoppelGate relies on reading ntdll on disk to grab syscall stubs, and patches these syscall stubs into desired functions to bypass Userla…
  ☆123Mar 25, 2022Updated 3 years ago
• vadim-hunter / Detection-Ideas-Rules

  View on GitHub
  Detection Ideas & Rules repository.
  ☆178Sep 10, 2021Updated 4 years ago
• BushidoUK / Abused-Legitimate-Services

  View on GitHub
  Cloud, CDN, and marketing services leveraged by cybercriminals and APT groups
  ☆60Oct 28, 2022Updated 3 years ago
• Permiso-io-tools / DetentionDodger

  View on GitHub
  ☆19Jan 31, 2025Updated last year
• jangeisbauer / gundog2

  View on GitHub
  Microsoft 365 Defender Hunting via PowerShell.
  ☆14Feb 8, 2022Updated 4 years ago
• mobdk / WinBoost

  View on GitHub
  Execute Mimikatz with different technique
  ☆51Nov 8, 2021Updated 4 years ago
• EricZimmerman / Issues

  View on GitHub
  This is a repository for reporting any issues in any of my software
  ☆13May 15, 2018Updated 7 years ago
• ninoseki / phishing_kits_2021

  View on GitHub
  A dataset of phishing kits in the wild
  ☆15Jun 1, 2024Updated last year
• martinsohn / Office-phish-templates

  View on GitHub
  Tricks the target into enabling content (macros) with fake messages. Once enabled, uses macros to reduce the risk of suspision from targe…
  ☆172Mar 12, 2025Updated 11 months ago
• EspressoCake / DLL-Hijack-Search-Order-BOF

  View on GitHub
  DLL Hijack Search Order Enumeration BOF
  ☆149Nov 3, 2021Updated 4 years ago
• bats3c / EvtMute

  View on GitHub
  Apply a filter to the events being reported by windows event logging
  ☆262Apr 24, 2021Updated 4 years ago
• thefLink / Hunt-Sleeping-Beacons

  View on GitHub
  Aims to identify sleeping beacons
  ☆662Jan 25, 2026Updated last month
• EspressoCake / Process_Protection_Level_BOF

  View on GitHub
  ☆61Aug 30, 2021Updated 4 years ago
• njcve / inflate.py

  View on GitHub
  Artificially inflate a given binary to exceed common EDR file size limits. Can be used to bypass common EDR.
  ☆125Apr 9, 2022Updated 3 years ago