countercept topic

List countercept repositories

chainsaw

2.6k
Stars
230
Forks
Watchers

Rapidly Search and Hunt through Windows Forensic Artefacts

verified publisher icon WithSecureLabs

snake

217
Stars
41
Forks
Watchers

snake - a malware storage zoo

verified publisher icon WithSecureLabs

ppid-spoofing

134
Stars
20
Forks
Watchers

Scripts for performing and detecting parent PID spoofing

verified publisher icon WithSecureLabs

python-exe-unpacker

873
Stars
334
Forks
Watchers

A helper script for unpacking and decompiling EXEs compiled from python code.

verified publisher icon WithSecureLabs

doublepulsar-c2-traffic-decryptor

225
Stars
138
Forks
Watchers

A python2 script for processing a PCAP file to decrypt C2 traffic sent to DOUBLEPULSAR implant

verified publisher icon WithSecureLabs

CallStackSpoofer

394
Stars
61
Forks
Watchers

A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)

verified publisher icon WithSecureLabs

doublepulsar-detection-script

1.0k
Stars
318
Forks
Watchers

A python2 script for sweeping a network to find windows systems compromised with the DOUBLEPULSAR implant.

verified publisher icon WithSecureLabs

doublepulsar-usermode-injector

112
Stars
42
Forks
Watchers

A utility to use the usermode shellcode from the DOUBLEPULSAR payload to reflectively load an arbitrary DLL into another process, for use in testing detection techniques or other security research.

verified publisher icon WithSecureLabs

LinuxCatScale

221
Stars
48
Forks
Watchers

Incident Response collection and processing scripts with automated reporting scripts

verified publisher icon WithSecureLabs

detectree

121
Stars
7
Forks
Watchers

Data visualization for blue teams

verified publisher icon WithSecureLabs