Alternatives and similar repositories for SysmonVersions

Users that are interested in SysmonVersions are comparing it to the libraries listed below

• fox-it / dissect.cobaltstrike
  Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles
  ☆183Updated 6 months ago
• fox-it / cobaltstrike-beacon-data
  Open Dataset of Cobalt Strike Beacon metadata (2018-2022)
  ☆133Updated 3 years ago
• strozfriedberg / cobaltstrike-config-extractor
  Cobalt Strike Beacon configuration extractor and parser.
  ☆157Updated 2 months ago
• jonny-jhnson / MSRPC-to-ATTACK
  A repository that maps commonly used attacks using MSRPC protocols to ATT&CK
  ☆341Updated 2 years ago
• Immersive-Labs-Sec / BruteRatel-DetectionTools
  A collection of Tools and Rules for decoding Brute Ratel C4 badgers
  ☆66Updated 3 years ago
• Cobalt-Strike / beacon_health_check
  This aggressor script uses a beacon's note field to indicate the health status of a beacon.
  ☆142Updated 4 years ago
• nccgroup / pybeacon
  A collection of scripts for dealing with Cobalt Strike beacons in Python
  ☆169Updated 5 years ago
• paranoidninja / Cobaltstrike-Detection
  This repo will contain the core detection, only for Cobaltstrike's leaked versions. Non-leaked version detections wont be shared
  ☆89Updated 2 years ago
• lisandro-git / sandbox_evasion
  Sandbox evasion code snippets developped in Golang
  ☆20Updated 3 years ago
• Te-k / cobaltstrike
  Code and yara rules to detect and analyze Cobalt Strike
  ☆272Updated 4 years ago
• fkie-cad / yapscan
  Yapscan is a YAra based Process SCANner, aimed at giving more control about what to scan and giving detailed reports on matches.
  ☆62Updated 2 years ago
• RedTeamOperations / Journey-to-McAfee
  ☆113Updated 3 years ago
• bohops / RogueAssemblyHunter
  Rogue Assembly Hunter is a utility for discovering 'interesting' .NET CLR modules in running processes.
  ☆117Updated 3 years ago
• airbus-cert / Invoke-Bof
  Load any Beacon Object File using Powershell!
  ☆259Updated 4 years ago
• darmado / Atomic-Red-Team-C2
  ARTi-C2 is a post-exploitation framework used to execute Atomic Red Team test cases with rapid payload deployment and execution capabili…
  ☆177Updated 3 weeks ago
• splunk / melting-cobalt
  A Cobalt Strike Scanner that retrieves detected Team Server beacons into a JSON object
  ☆170Updated 3 years ago
• RiccardoAncarani / TaskShell
  ☆59Updated 4 years ago
• wietze / windows-command-line-obfuscation
  Project for identifying executables that have command-line options that can be obfuscated, possibly bypassing detection rules.
  ☆180Updated 11 months ago
• CCob / MirrorDump
  Another LSASS dumping tool that uses a dynamically compiled LSA plugin to grab an lsass handle and API hooking for capturing the dump in…
  ☆269Updated 4 years ago
• WithSecureLabs / ppid-spoofing
  Scripts for performing and detecting parent PID spoofing
  ☆146Updated 5 years ago
• jfmaes / SharpNukeEventLog
  nuke that event log using some epic dinvoke fu
  ☆118Updated 4 years ago
• Cerbersec / DomainBorrowingC2
  ☆170Updated 4 years ago
• Cobalt-Strike / sleep_python_bridge
  This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python withou…
  ☆188Updated 5 months ago
• citronneur / kerlab
  Kerberos laboratory to better understand and then detecting attack on kerberos
  ☆70Updated 4 years ago
• DidierStevens / AdHoc
  AdHoc solutions
  ☆48Updated 2 years ago
• Immersive-Labs-Sec / SliverC2-Forensics
  A collection of tools and detections for the Sliver C2 Frameworj
  ☆132Updated 2 years ago
• bats3c / EvtMute
  Apply a filter to the events being reported by windows event logging
  ☆264Updated 4 years ago
• cabve / CbR
  Queries for Carbon Black Response
  ☆11Updated 5 years ago
• mitre / sandcat
  A CALDERA plugin
  ☆71Updated this week
• rvrsh3ll / NoMSBuild
  MSBuild without MSbuild.exe
  ☆135Updated 5 years ago