cs-discovery
Traffic analyzer
Detects malicious servers in network traffic by analyzing encoded byte patterns
Detecting Cobalt Strike Team Servers on targets through traffic telemetry.
20 stars
4 watching
3 forks
Language: Python
Last commit: 6 months ago
Topics: cobalt-strike, cobaltstrike, cobaltstrike-detection, command-and-control, csirt, python, threat-hunting, threat-intelligence
Related projects:
| Repository | Description | Stars |
|---|---|---|
| | Detects and analyzes Cobalt Strike beacons by analyzing HTTP responses and extracting configuration information. | 266 |
| | Toolset to analyze and research malware and Cobalt Strike beacon behavior | 206 |
| | Detects potential Cobalt Strike malware by analyzing memory allocation patterns during code execution | 272 |
| | Library for dissecting and parsing data related to Cobalt Strike exploits | 148 |
| | A Cobalt Strike plugin for post-exploitation and privilege escalation tests | 1,494 |
| | An analysis project of Cobalt Strike C2 protocol in Python. | 67 |
| | Analyzes web-based network traffic to detect malicious command and control servers using Squid proxy server and Spamhaus | 78 |
| | A toolset to extract and analyze configurations from malware samples known as Cobalt Strike Beacons. | 148 |
| | An instrument used to identify and exploit network proxy configurations and execute shellcode on compromised systems | 141 |
| | Deciphers CobaltStrike Beacon configurations from various formats. | 1,028 |
| | A Python script to exploit a Cobalt Strike vulnerability and perform a denial of service attack. | 103 |
| | A Cobalt Strike beacon implementation in Rust for creating malicious network connections | 180 |
| | A tool for integrating Cobalt Strike payloads with ScareCrow to evade antivirus detection and improve evasion capabilities. | 457 |
| | Tools and scripts for analyzing and interacting with Cobalt Strike | 32 |
| | A tool for detecting and responding to potential Cobalt Strike beacons using Event Tracing for Windows (ETW) | 482 |