Alternatives and similar repositories for SysmonVersions

Users that are interested in SysmonVersions are comparing it to the libraries listed below

• fox-it / dissect.cobaltstrike
  Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles
  ☆185Updated 7 months ago
• fox-it / cobaltstrike-beacon-data
  Open Dataset of Cobalt Strike Beacon metadata (2018-2022)
  ☆133Updated 3 years ago
• strozfriedberg / cobaltstrike-config-extractor
  Cobalt Strike Beacon configuration extractor and parser.
  ☆160Updated 3 months ago
• Te-k / cobaltstrike
  Code and yara rules to detect and analyze Cobalt Strike
  ☆273Updated 4 years ago
• Immersive-Labs-Sec / BruteRatel-DetectionTools
  A collection of Tools and Rules for decoding Brute Ratel C4 badgers
  ☆66Updated 3 years ago
• darmado / Atomic-Red-Team-C2
  ARTi-C2 is a post-exploitation framework used to execute Atomic Red Team test cases with rapid payload deployment and execution capabili…
  ☆178Updated 2 weeks ago
• jonny-jhnson / MSRPC-to-ATTACK
  A repository that maps commonly used attacks using MSRPC protocols to ATT&CK
  ☆343Updated 2 years ago
• airbus-cert / Invoke-Bof
  Load any Beacon Object File using Powershell!
  ☆260Updated 4 years ago
• paranoidninja / Cobaltstrike-Detection
  This repo will contain the core detection, only for Cobaltstrike's leaked versions. Non-leaked version detections wont be shared
  ☆89Updated 2 years ago
• Immersive-Labs-Sec / SliverC2-Forensics
  A collection of tools and detections for the Sliver C2 Frameworj
  ☆133Updated 2 years ago
• StrikeReady-Inc / samples
  shared samples from #dailyphish and/or #apt tweets
  ☆41Updated 5 months ago
• nccgroup / pybeacon
  A collection of scripts for dealing with Cobalt Strike beacons in Python
  ☆169Updated 5 years ago
• fkie-cad / yapscan
  Yapscan is a YAra based Process SCANner, aimed at giving more control about what to scan and giving detailed reports on matches.
  ☆62Updated 2 years ago
• Cerbersec / DomainBorrowingC2
  ☆170Updated 4 years ago
• REW-sploit / REW-sploit
  Emulate and Dissect MSF and *other* attacks
  ☆143Updated last year
• Cobalt-Strike / beacon_health_check
  This aggressor script uses a beacon's note field to indicate the health status of a beacon.
  ☆141Updated 4 years ago
• WithSecureLabs / ppid-spoofing
  Scripts for performing and detecting parent PID spoofing
  ☆147Updated 5 years ago
• splunk / melting-cobalt
  A Cobalt Strike Scanner that retrieves detected Team Server beacons into a JSON object
  ☆168Updated 3 years ago
• RedTeamOperations / Journey-to-McAfee
  ☆113Updated 3 years ago
• carbonblack / active_c2_ioc_public
  Active C2 IoCs
  ☆99Updated 3 years ago
• mgeeky / msidump
  MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner.
  ☆226Updated 2 years ago
• JPCERTCC / CobaltStrike-Config
  Repository for archiving Cobalt Strike configuration
  ☆36Updated this week
• cabve / CbR
  Queries for Carbon Black Response
  ☆11Updated 5 years ago
• wietze / windows-command-line-obfuscation
  Project for identifying executables that have command-line options that can be obfuscated, possibly bypassing detection rules.
  ☆182Updated last year
• bohops / RogueAssemblyHunter
  Rogue Assembly Hunter is a utility for discovering 'interesting' .NET CLR modules in running processes.
  ☆117Updated 4 years ago
• CCob / MirrorDump
  Another LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in…
  ☆269Updated 4 years ago
• citronneur / kerlab
  Kerberos laboratory to better understand and then detecting attack on kerberos
  ☆70Updated 4 years ago
• DidierStevens / AdHoc
  AdHoc solutions
  ☆48Updated 2 years ago
• Aetsu / Neton
  Neton is a tool for getting information from Internet connected sandboxes
  ☆96Updated 3 years ago
• jfmaes / SharpNukeEventLog
  nuke that event log using some epic dinvoke fu
  ☆118Updated 4 years ago