A Cobalt Strike Scanner that retrieves detected Team Server beacons into a JSON object
☆168Oct 14, 2022Updated 3 years ago
Alternatives and similar repositories for melting-cobalt
Users that are interested in melting-cobalt are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Presentation materials for talks I've given.☆20Oct 14, 2019Updated 6 years ago
- Defences against Cobalt Strike☆1,298Jul 14, 2022Updated 3 years ago
- Pointer was developed for massive hunting and mapping Cobalt Strike servers exposed on the internet.☆68Apr 12, 2022Updated 3 years ago
- ☆36Jan 11, 2023Updated 3 years ago
- macOS forensic timeline generator using the analysis result DBs of mac_apt☆93Sep 7, 2023Updated 2 years ago
- Code and yara rules to detect and analyze Cobalt Strike☆272May 5, 2021Updated 4 years ago
- A parser of Windows Defender's DetectionHistory forensic artifact, containing substantial info about quarantined files and executables.☆117Jan 26, 2022Updated 4 years ago
- Open Dataset of Cobalt Strike Beacon metadata (2018-2022)☆133Mar 28, 2022Updated 3 years ago
- Converting data from services like Censys and Shodan to a common data model☆52Feb 22, 2026Updated last month
- A repository of curated datasets from various attacks☆746Mar 18, 2026Updated last week
- USB HID driver emulation with PID/VID (0x3bca/0x27bb) of Plenom A/S Busylight Alpha, that is supported by Mimikatz. When mimikatz is exec…☆21Sep 6, 2022Updated 3 years ago
- Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm.☆209Jul 21, 2022Updated 3 years ago
- ☆21May 8, 2022Updated 3 years ago
- Scan files or process memory for CobaltStrike beacons and parse their configuration☆921Aug 19, 2021Updated 4 years ago
- ☆14Mar 9, 2023Updated 3 years ago
- DLL Unlinking from InLoadOrderModuleList, InMemoryOrderModuleList, InInitializationOrderModuleList, and LdrpHashTable☆60Dec 15, 2023Updated 2 years ago
- This repository aims to collect and document indicators from the different C2's listed in the C2-Matrix☆74Jan 26, 2022Updated 4 years ago
- A series of PowerShell scripts to automate collection of forensic artefacts in most Incident Response environments☆65Jan 31, 2022Updated 4 years ago
- C# Data Collector for the BloodHound Project, Version 3☆37Dec 28, 2021Updated 4 years ago
- ☆1,134Dec 19, 2023Updated 2 years ago
- ☆16Apr 16, 2017Updated 8 years ago
- Aims to identify sleeping beacons☆663Jan 25, 2026Updated 2 months ago
- Blueteam operational triage registry hunting/forensic tool.☆149Sep 2, 2025Updated 6 months ago
- Generates network traffic summaries.☆23Dec 9, 2025Updated 3 months ago
- Detect and respond to Cobalt Strike beacons using ETW.☆516Jul 15, 2022Updated 3 years ago
- An easy to use PowerShell script to collect memory and disk forensics for DFIR investigations.☆340Dec 3, 2025Updated 3 months ago
- ☆21Aug 31, 2022Updated 3 years ago
- ☆24Sep 28, 2022Updated 3 years ago
- Python-based cloud node for local use☆11Mar 7, 2018Updated 8 years ago
- ☆54Sep 6, 2020Updated 5 years ago
- Automatically created C2 Feeds☆667Updated this week
- Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions☆95Mar 8, 2023Updated 3 years ago
- Detect Tactics, Techniques & Combat Threats☆2,269Jan 21, 2026Updated 2 months ago
- ELF Sectional docking payload injector system☆21Jun 28, 2022Updated 3 years ago
- A small tool to easily mount APFS image on macOS for forensics.☆16Jul 30, 2020Updated 5 years ago
- ☆451Aug 4, 2021Updated 4 years ago
- VSCode extension for the YARA pattern matching language☆63Jan 10, 2024Updated 2 years ago
- Rules generated from our investigations.☆204Jun 17, 2025Updated 9 months ago
- The Github project for The Defender's Guide by Luke Paine and Jonathan Johnson☆158Jun 15, 2023Updated 2 years ago