cobaltstrike
Beacon analyzer
Detects and analyzes Cobalt Strike beacons by analyzing HTTP responses and extracting configuration information.
Code and YARA rules to detect and analyze Cobalt Strike
262 stars
16 watching
58 forks
Language: Python
last commit: over 3 years ago

Related projects:
Repository | Description | Stars |
---|---|---|
eremit4/cs-discovery | Detects malicious servers in network traffic by analyzing encoded byte patterns | 20 |
sentinel-one/cobaltstrikeparser | Deciphers CobaltStrike Beacon configurations from various formats. | 1,022 |
strozfriedberg/cobaltstrike-config-extractor | A toolset to extract and analyze configurations from malware samples known as Cobalt Strike Beacons. | 145 |
fox-it/dissect.cobaltstrike | Library for dissecting and parsing data related to Cobalt Strike exploits | 147 |
fox-it/cobaltstrike-beacon-data | Historical metadata of Cobalt Strike Beacon attacks | 122 |
splunk/melting-cobalt | Tool to hunt and mine Cobalt Strike beacons from internet-connected services | 164 |
z3ratu1/geacon_plus | A Go implementation of a CobaltStrike beacon with support for multiple platforms and various communication protocols | 394 |
b1tg/cobaltstrike-beacon-rust | A Cobalt Strike beacon implementation in Rust for creating malicious network connections | 177 |
romanemelyanov/cobaltstrikeforensic | Toolset to analyze and research malware and Cobalt Strike beacon behavior | 206 |
3lp4tr0n/beaconhunter | A tool for detecting and responding to potential Cobalt Strike beacons using Event Tracing for Windows (ETW) | 481 |
apr4h/cobaltstrikescan | A tool for detecting and parsing CobaltStrike beacon configuration from files or process memory. | 900 |
loecho-sec/cobaltstrike_script_wechat_push | Automated notifications via WeChat Serveré…± for CobaltStrike beacons | 44 |
huoji120/cobaltstrikedetected | Detects potential Cobalt Strike malware by analyzing memory allocation patterns during code execution | 271 |
nccgroup/pybeacon | A collection of Python scripts for analyzing and interacting with Cobalt Strike beacons. | 167 |
akkuman/evileye | A tool written in Go to detect and analyze malicious beacon activity in memory | 149 |