A Cobalt Strike Scanner that retrieves detected Team Server beacons into a JSON object
☆168Oct 14, 2022Updated 3 years ago
Alternatives and similar repositories for melting-cobalt
Users that are interested in melting-cobalt are comparing it to the libraries listed below
Sorting:
- Defences against Cobalt Strike☆1,296Jul 14, 2022Updated 3 years ago
- Code and yara rules to detect and analyze Cobalt Strike☆272May 5, 2021Updated 4 years ago
- Presentation materials for talks I've given.☆20Oct 14, 2019Updated 6 years ago
- C# Data Collector for the BloodHound Project, Version 3☆37Dec 28, 2021Updated 4 years ago
- macOS forensic timeline generator using the analysis result DBs of mac_apt☆93Sep 7, 2023Updated 2 years ago
- USB HID driver emulation with PID/VID (0x3bca/0x27bb) of Plenom A/S Busylight Alpha, that is supported by Mimikatz. When mimikatz is exec…☆21Sep 6, 2022Updated 3 years ago
- ☆36Jan 11, 2023Updated 3 years ago
- Converting data from services like Censys and Shodan to a common data model☆52Feb 22, 2026Updated last week
- ☆14Mar 9, 2023Updated 2 years ago
- A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables.☆117Jan 26, 2022Updated 4 years ago
- Pointer was developed for massive hunting and mapping Cobalt Strike servers exposed on the internet.☆69Apr 12, 2022Updated 3 years ago
- A repository of curated datasets from various attacks☆726Updated this week
- Detect and respond to Cobalt Strike beacons using ETW.☆516Jul 15, 2022Updated 3 years ago
- Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm.☆208Jul 21, 2022Updated 3 years ago
- DLL Unlinking from InLoadOrderModuleList, InMemoryOrderModuleList, InInitializationOrderModuleList, and LdrpHashTable☆60Dec 15, 2023Updated 2 years ago
- Scan files or process memory for CobaltStrike beacons and parse their configuration☆922Aug 19, 2021Updated 4 years ago
- Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions☆94Mar 8, 2023Updated 2 years ago
- This repository aims to collect and document indicators from the different C2's listed in the C2-Matrix☆74Jan 26, 2022Updated 4 years ago
- ☆1,131Dec 19, 2023Updated 2 years ago
- Automatically created C2 Feeds☆666Updated this week
- ☆54Sep 6, 2020Updated 5 years ago
- ☆21May 8, 2022Updated 3 years ago
- This aggressor script uses a beacon's note field to indicate the health status of a beacon.☆141Sep 29, 2021Updated 4 years ago
- The Github project for The Defender's Guide by Luke Paine and Jonathan Johnson☆159Jun 15, 2023Updated 2 years ago
- Blueteam operational triage registry hunting/forensic tool.☆149Sep 2, 2025Updated 6 months ago
- Rhaegal is a tool written in Python 3 used to scan Windows Event Logs for suspicious logs. Rhaegal uses custom rule format to detect sus…☆42Sep 21, 2023Updated 2 years ago
- VSCode extension for the YARA pattern matching language☆63Jan 10, 2024Updated 2 years ago
- An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations.☆341Dec 3, 2025Updated 3 months ago
- ☆21Aug 31, 2022Updated 3 years ago
- Aims to identify sleeping beacons☆662Jan 25, 2026Updated last month
- Manual Map DLL injection implemented with Cobalt Strike's Beacon Object Files.☆152Sep 3, 2020Updated 5 years ago
- Open Dataset of Cobalt Strike Beacon metadata (2018-2022)☆133Mar 28, 2022Updated 3 years ago
- ☆451Aug 4, 2021Updated 4 years ago
- Exactly what it sounds like, which is something rad☆22Oct 12, 2022Updated 3 years ago
- Re-play Security Events☆1,725Mar 20, 2024Updated last year
- Python-based cloud node for local use☆11Mar 7, 2018Updated 7 years ago
- ☆11Jun 12, 2023Updated 2 years ago
- Detect Tactics, Techniques & Combat Threats☆2,264Jan 21, 2026Updated last month
- Windows Events Attack Samples☆2,515Jan 24, 2023Updated 3 years ago