A helper script for unpacking and decompiling EXEs compiled from Python code. (Updated Oct 11, 2020; Python)
A Python 2 script for sweeping a network to find Windows systems compromised with the DOUBLEPULSAR implant.
A Python 2 script for processing a PCAP file to decrypt C2 traffic sent to the DOUBLEPULSAR implant.
A PoC implementation for spoofing arbitrary call stacks when making syscalls (e.g. grabbing a handle via NtOpenProcess).
Incident response collection and processing scripts with automated reporting.
A utility to use the usermode shellcode from the DOUBLEPULSAR payload to reflectively load an arbitrary DLL into another process, for use in testing detection techniques or other security research.
Scripts for performing and detecting parent PID spoofing
A spiritual .NET equivalent to the Gargoyle memory scanning evasion technique
A collection of useful radare2 scripts!
RemotePSpy provides live monitoring of remote PowerShell sessions, which is particularly useful for older (pre-5.0) versions of PowerShell which do not have comprehensive logging facilities built in.
Data visualization for blue teams
Scripts for extracting useful information from infected memory dumps
A triage data collection script for macOS
A higher-level wrapper on top of the official bson & mongodb crates.
ESF modular ingestion tool for development and research.