CobaltStrikeScan Logo

CobaltStrikeScan

0
Free
Visit Website

CobaltStrikeScan scans Windows process memory for evidence of DLL injection (classic or reflective injection) and/or performs a YARA scan on the target process' memory for Cobalt Strike v3 and v4 beacon signatures. It can also scan a file for Cobalt Strike beacons and parse their configuration. The tool can display the beacon's configuration if detected.

FEATURES

ALTERNATIVES

Container of 200 Windows EVTX samples for testing detection scripts and training on DFIR.

A robust Python implementation of TAXII Services with a friendly pythonic API.

Threat hunting tool leveraging Windows events for identifying outliers and suspicious behavior.

A daily updated summary of security advisories from various sources

Globally-accessible knowledge base of adversary tactics and techniques for cybersecurity.

Search engine for Windows executable files and hashes, providing insights into file prevalence, behavior, and security information.

Knowledge base workflow management dashboard for YARA rules and C2 artifacts.

Home for rules used by Elastic Security with code for unit testing, Kibana integration, and Red Team Automation.

PINNED