strozfriedberg/cobaltstrike-config-extractor external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

strozfriedberg/cobaltstrike-config-extractor

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/strozfriedberg/cobaltstrike-config-extractor)

Close

strozfriedberg / cobaltstrike-config-extractorView on GitHubMore

• External links
• Readme badge

Cobalt Strike Beacon configuration extractor and parser.

☆163Oct 30, 2025Updated 7 months ago

Alternatives and similar repositories for cobaltstrike-config-extractor

Users that are interested in cobaltstrike-config-extractor are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• stairwell-inc / cobalt-strike-stager-parser

  View on GitHub
  ☆36Jan 11, 2023Updated 3 years ago
• Sentinel-One / CobaltStrikeParser

  View on GitHub
  ☆1,139Dec 19, 2023Updated 2 years ago
• CCob / BeaconEye

  View on GitHub
  Hunts out CobaltStrike beacons and logs operator command output
  ☆961Sep 4, 2024Updated last year
• 3lp4tr0n / BeaconHunter

  View on GitHub
  Detect and respond to Cobalt Strike beacons using ETW.
  ☆516Jul 15, 2022Updated 3 years ago
• woanware / etw-event-dumper

  View on GitHub
  ☆33Feb 26, 2022Updated 4 years ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
• t3hbb / NSGenCS

  View on GitHub
  Extendable payload obfuscation and delivery framework
  ☆143Nov 4, 2022Updated 3 years ago
• whickey-r7 / grab_beacon_config

  View on GitHub
  ☆450Aug 4, 2021Updated 4 years ago
• RomanEmelyanov / CobaltStrikeForensic

  View on GitHub
  Toolset for research malware and Cobalt Strike beacons
  ☆210Mar 11, 2025Updated last year
• EspressoCake / Needle_Sift_BOF

  View on GitHub
  Strstr with user-supplied needle and filename as a BOF.
  ☆32Sep 27, 2021Updated 4 years ago
• Apr4h / CobaltStrikeScan

  View on GitHub
  Scan files or process memory for CobaltStrike beacons and parse their configuration
  ☆921Aug 19, 2021Updated 4 years ago
• bashexplode / cs2webconfig

  View on GitHub
  Convert Cobalt Strike profiles to IIS web.config files
  ☆114Aug 23, 2021Updated 4 years ago
• Te-k / cobaltstrike

  View on GitHub
  Code and yara rules to detect and analyze Cobalt Strike
  ☆274May 5, 2021Updated 5 years ago
• mgeeky / ElusiveMice

  View on GitHub
  Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind
  ☆489Jul 12, 2023Updated 2 years ago
• OllieJC / tbat

  View on GitHub
  Threat Box Assessment Tool
  ☆19Mar 5, 2026Updated 3 months ago
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• fox-it / dissect.cobaltstrike

  View on GitHub
  Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles
  ☆189Mar 17, 2026Updated 3 months ago
• shabarkin / pointer

  View on GitHub
  Pointer was developed for massive hunting and mapping Cobalt Strike servers exposed on the internet.
  ☆68Apr 12, 2022Updated 4 years ago
• improsec / ImproHound

  View on GitHub
  Identify the attack paths in BloodHound breaking your AD tiering
  ☆327Nov 6, 2022Updated 3 years ago
• Sh0ckFR / DLLirant

  View on GitHub
  DLLirant is a tool to automatize the DLL Hijacking researches on a specified binary.
  ☆323Sep 23, 2022Updated 3 years ago
• carbonblack / active_c2_ioc_public

  View on GitHub
  Active C2 IoCs
  ☆100Nov 28, 2022Updated 3 years ago
• b4r0nd3l4b1rr4 / Teams-CS-Notifier

  View on GitHub
  ☆15Apr 29, 2023Updated 3 years ago
• MichaelKoczwara / Awesome-CobaltStrike-Defence

  View on GitHub
  Defences against Cobalt Strike
  ☆1,304Jul 14, 2022Updated 3 years ago
• FalconForceTeam / SysWhispers2BOF

  View on GitHub
  Script to use SysWhispers2 direct system calls from Cobalt Strike BOFs
  ☆125May 24, 2022Updated 4 years ago
• aahmad097 / ZoomPersistence

  View on GitHub
  Zoom Persistence Aggressor and Handler
  ☆57Mar 24, 2021Updated 5 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• thefLink / Hunt-Sleeping-Beacons

  View on GitHub
  Aims to identify sleeping beacons
  ☆670Jan 25, 2026Updated 4 months ago
• xorhex / mlget

  View on GitHub
  A golang CLI tool to download malware from a variety of sources.
  ☆152Jul 3, 2025Updated 11 months ago
• jimtin / IRCoreForensicFramework

  View on GitHub
  Powershell / C# based cross platform forensic framework based for live incident response
  ☆23Jul 5, 2020Updated 5 years ago
• CrowdStrike / SuperMem

  View on GitHub
  A python script developed to process Windows memory images based on triage type.
  ☆266Nov 25, 2023Updated 2 years ago
• tomcarver16 / BOF-DLL-Inject

  View on GitHub
  Manual Map DLL injection implemented with Cobalt Strike's Beacon Object Files.
  ☆152Sep 3, 2020Updated 5 years ago
• BushidoUK / Abused-Legitimate-Services

  View on GitHub
  Cloud, CDN, and marketing services leveraged by cybercriminals and APT groups
  ☆60Oct 28, 2022Updated 3 years ago
• rasta-mouse / ExternalC2.NET

  View on GitHub
  .NET implementation of Cobalt Strike's External C2 Spec
  ☆89Nov 12, 2021Updated 4 years ago
• RomaissaAdjailia / Get-AppLockerEventlog

  View on GitHub
  This is a repo for fetching Applocker event log by parsing the win-event log
  ☆29Aug 6, 2022Updated 3 years ago
• Cyb3r-Monk / ACCD

  View on GitHub
  Active C&C Detector
  ☆156Oct 5, 2023Updated 2 years ago
• End-to-end encrypted email - Proton Mail • Ad
  Special offer: 40% Off Yearly / 80% Off First Month. All Proton services are open source and independently audited for security.
• boku7 / injectEtwBypass

  View on GitHub
  CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)
  ☆301Sep 28, 2021Updated 4 years ago
• ConstantinT / Lantern

  View on GitHub
  ☆23Nov 13, 2021Updated 4 years ago
• oXis / GPUSleep

  View on GitHub
  Move CS beacon to GPU memory when sleeping
  ☆250Nov 19, 2021Updated 4 years ago
• DissectMalware / XLMMacroDeobfuscator

  View on GitHub
  Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)
  ☆588May 5, 2024Updated 2 years ago
• target / halogen

  View on GitHub
  Automatically create YARA rules from malicious documents.
  ☆211May 16, 2022Updated 4 years ago
• 3CORESec / MAL-CL

  View on GitHub
  MAL-CL (Malicious Command-Line)
  ☆325Jan 10, 2023Updated 3 years ago
• securifybv / Visual-Studio-BOF-template

  View on GitHub
  A Visual Studio template used to create Cobalt Strike BOFs
  ☆325Nov 17, 2021Updated 4 years ago