Code and yara rules to detect and analyze Cobalt Strike

Last update: Jan 04, 2023

Related tags

Miscellaneous cobaltstrike

Overview

Cobalt Strike Resources

This repository contains:

analyze.py: a script to analyze a Cobalt Strike beacon (python analyze.py BEACON)
extract.py; extract a beacon from an encrypted beacon
lib.py: library containing functions for the other scripts
output.csv : CSV file containing CS servers identified online in Dec 2020
rules.yar: Yara rules for CS beacons
scan_list.py: script to scan a list of servers (python scan_list.py FILE)
scan.py : script to scan a server (python scan.py IP)

You can see my blog post Analyzing Cobalt Strike for Fun and Profit for more information.

Credits : Amnesty Tech

Owner

Tek

Hacking things here and there, mostly threat intel, osint, malware analysis and human rights

GitHub Repository

Python 3 script for installing kali tools on your linux machine

2 Apr 20, 2022

Get information about what a Python frame is currently doing, particularly the AST node being executed

executing This mini-package lets you get information about what a frame is currently doing, particularly the AST node being executed. Usage Getting th

211 Jan 01, 2023

用于红队成员初步快速攻击的全自动化工具。

关于 Author：m0sway Mail：[email protected] Github：https://www.github.com/m0sway/Jud JuD是

46 Jul 21, 2022

mypy plugin for PynamoDB

pynamodb-mypy A plugin for mypy which gives it deeper understanding of PynamoDB (beyond what's possible through type stubs). Usage Add it to the plugi

1 Oct 21, 2022

A Python library that helps data scientists to infer causation rather than observing correlation.

1.7k Jan 04, 2023

Completed task 1 and task 2 at LetsGrowMore as a data science intern.

LetsGrowMore-Internship Completed task 1 and task 2 at LetsGrowMore as a data science intern. Task 1- Task 2- Creating a Decision Tree classifier and

1 Jan 16, 2022

NewsBlur is a personal news reader bringing people together to talk about the world.

NewsBlur NewsBlur is a personal news reader bringing people together to talk about the world.

6.2k Dec 29, 2022

Assignment for python course, BUPT 2021.

pyFuujinrokuDestiny Assignment for python course, BUPT 2021. Notice username and password must be ASCII encoding. If username exists in database, syst

3 Jun 18, 2021

Open-source data observability for modern data teams

Use cases Monitor your data warehouse in minutes: Data anomalies monitoring as dbt tests Data lineage made simple, reliable, and automated dbt operati

889 Jan 01, 2023

Demo of patching a python context manager

patch-demo-20211203 demo of patching a python context manager poetry install poetry run python -m my_great_app to run the code poetry run pytest to te

1 Feb 09, 2022

dotfiles - Cristian Valero Abundio

In this repository you can find various configurations to configure your Linux operating system, preferably ArchLinux and its derivatives.

1 Jan 09, 2022

A faster copy of nell's comet nuker

Astro a faster copy of nell's comet nuker also nell uses external libraries like it's cocaine man never learned to use ansi color codes (ily nell) (On

8 Aug 15, 2022

Web站点选优工具 - 优化GitHub的打开速度、高效Clone

QWebSiteOptimizer - Web站点速度选优工具在访问GitHub等网站时，DNS解析到的IP地址可能并不是最快，过慢的节点会严重影响我们的访问情况，故制作出这样的工具来进一步优化网络质量。由于该方案并非为VPN等方式进行的速度优化，以下几点需要您注意：后续访问对应网站时仍可能需

15 May 01, 2022

FindUncommonShares.py is a Python equivalent of PowerView's Invoke-ShareFinder.ps1 allowing to quickly find uncommon shares in vast Windows Domains.

FindUncommonShares The script FindUncommonShares.py is a Python equivalent of PowerView's Invoke-ShareFinder.ps1 allowing to quickly find uncommon sha

184 Jan 03, 2023