strozfriedberg/cobaltstrike-config-extractor external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

strozfriedberg/cobaltstrike-config-extractor

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/strozfriedberg/cobaltstrike-config-extractor)

Close

strozfriedberg / cobaltstrike-config-extractorView on GitHubMore

• External links
• Readme badge

Cobalt Strike Beacon configuration extractor and parser.

☆160Oct 30, 2025Updated 4 months ago

Alternatives and similar repositories for cobaltstrike-config-extractor

Users that are interested in cobaltstrike-config-extractor are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• stairwell-inc / cobalt-strike-stager-parser

  View on GitHub
  ☆36Jan 11, 2023Updated 3 years ago
• Sentinel-One / CobaltStrikeParser

  View on GitHub
  ☆1,134Dec 19, 2023Updated 2 years ago
• CCob / BeaconEye

  View on GitHub
  Hunts out CobaltStrike beacons and logs operator command output
  ☆951Sep 4, 2024Updated last year
• 3lp4tr0n / BeaconHunter

  View on GitHub
  Detect and respond to Cobalt Strike beacons using ETW.
  ☆516Jul 15, 2022Updated 3 years ago
• woanware / etw-event-dumper

  View on GitHub
  ☆33Feb 26, 2022Updated 4 years ago
• DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• whickey-r7 / grab_beacon_config

  View on GitHub
  ☆451Aug 4, 2021Updated 4 years ago
• RomanEmelyanov / CobaltStrikeForensic

  View on GitHub
  Toolset for research malware and Cobalt Strike beacons
  ☆211Mar 11, 2025Updated last year
• EspressoCake / Needle_Sift_BOF

  View on GitHub
  Strstr with user-supplied needle and filename as a BOF.
  ☆32Sep 27, 2021Updated 4 years ago
• t3hbb / NSGenCS

  View on GitHub
  Extendable payload obfuscation and delivery framework
  ☆146Nov 4, 2022Updated 3 years ago
• Apr4h / CobaltStrikeScan

  View on GitHub
  Scan files or process memory for CobaltStrike beacons and parse their configuration
  ☆921Aug 19, 2021Updated 4 years ago
• bashexplode / cs2webconfig

  View on GitHub
  Convert Cobalt Strike profiles to IIS web.config files
  ☆114Aug 23, 2021Updated 4 years ago
• Te-k / cobaltstrike

  View on GitHub
  Code and yara rules to detect and analyze Cobalt Strike
  ☆272May 5, 2021Updated 4 years ago
• OllieJC / tbat

  View on GitHub
  Threat Box Assessment Tool
  ☆19Mar 5, 2026Updated 3 weeks ago
• fox-it / dissect.cobaltstrike

  View on GitHub
  Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles
  ☆187Mar 17, 2026Updated last week
• DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• shabarkin / pointer

  View on GitHub
  Pointer was developed for massive hunting and mapping Cobalt Strike servers exposed on the internet.
  ☆68Apr 12, 2022Updated 3 years ago
• improsec / ImproHound

  View on GitHub
  Identify the attack paths in BloodHound breaking your AD tiering
  ☆326Nov 6, 2022Updated 3 years ago
• Sh0ckFR / DLLirant

  View on GitHub
  DLLirant is a tool to automatize the DLL Hijacking researches on a specified binary.
  ☆322Sep 23, 2022Updated 3 years ago
• mgeeky / ElusiveMice

  View on GitHub
  Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind
  ☆483Jul 12, 2023Updated 2 years ago
• carbonblack / active_c2_ioc_public

  View on GitHub
  Active C2 IoCs
  ☆99Nov 28, 2022Updated 3 years ago
• b4r0nd3l4b1rr4 / Teams-CS-Notifier

  View on GitHub
  ☆15Apr 29, 2023Updated 2 years ago
• MichaelKoczwara / Awesome-CobaltStrike-Defence

  View on GitHub
  Defences against Cobalt Strike
  ☆1,297Jul 14, 2022Updated 3 years ago
• aahmad097 / ZoomPersistence

  View on GitHub
  Zoom Persistence Aggressor and Handler
  ☆55Mar 24, 2021Updated 5 years ago
• thefLink / Hunt-Sleeping-Beacons

  View on GitHub
  Aims to identify sleeping beacons
  ☆664Jan 25, 2026Updated 2 months ago
• End-to-end encrypted email - Proton Mail • Ad
  Special offer: 40% Off Yearly / 80% Off First Month. All Proton services are open source and independently audited for security.
• xorhex / mlget

  View on GitHub
  A golang CLI tool to download malware from a variety of sources.
  ☆151Jul 3, 2025Updated 8 months ago
• jimtin / IRCoreForensicFramework

  View on GitHub
  Powershell / C# based cross platform forensic framework based for live incident response
  ☆23Jul 5, 2020Updated 5 years ago
• CrowdStrike / SuperMem

  View on GitHub
  A python script developed to process Windows memory images based on triage type.
  ☆266Nov 25, 2023Updated 2 years ago
• tomcarver16 / BOF-DLL-Inject

  View on GitHub
  Manual Map DLL injection implemented with Cobalt Strike's Beacon Object Files.
  ☆152Sep 3, 2020Updated 5 years ago
• BushidoUK / Abused-Legitimate-Services

  View on GitHub
  Cloud, CDN, and marketing services leveraged by cybercriminals and APT groups
  ☆60Oct 28, 2022Updated 3 years ago
• rasta-mouse / ExternalC2.NET

  View on GitHub
  .NET implementation of Cobalt Strike's External C2 Spec
  ☆89Nov 12, 2021Updated 4 years ago
• Cyb3r-Monk / ACCD

  View on GitHub
  Active C&C Detector
  ☆156Oct 5, 2023Updated 2 years ago
• boku7 / injectEtwBypass

  View on GitHub
  CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)
  ☆300Sep 28, 2021Updated 4 years ago
• ConstantinT / Lantern

  View on GitHub
  ☆23Nov 13, 2021Updated 4 years ago
• NordVPN Threat Protection Pro™ • Ad
  Take your cybersecurity to the next level. Block phishing, malware, trackers, and ads. Lightweight app that works with all browsers.
• oXis / GPUSleep

  View on GitHub
  Move CS beacon to GPU memory when sleeping
  ☆251Nov 19, 2021Updated 4 years ago
• DissectMalware / XLMMacroDeobfuscator

  View on GitHub
  Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)
  ☆585May 5, 2024Updated last year
• 3CORESec / MAL-CL

  View on GitHub
  MAL-CL (Malicious Command-Line)
  ☆322Jan 10, 2023Updated 3 years ago
• target / halogen

  View on GitHub
  Automatically create YARA rules from malicious documents.
  ☆211May 16, 2022Updated 3 years ago
• securifybv / Visual-Studio-BOF-template

  View on GitHub
  A Visual Studio template used to create Cobalt Strike BOFs
  ☆325Nov 17, 2021Updated 4 years ago
• WithSecureLabs / chainsaw

  View on GitHub
  Rapidly Search and Hunt through Windows Forensic Artefacts
  ☆3,484Mar 2, 2026Updated 3 weeks ago
• OALabs / flare-vm

  View on GitHub
  ☆14Aug 8, 2022Updated 3 years ago