fox-it/dissect.cobaltstrike
Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles
https://dissect-cobaltstrike.readthedocs.io
MIT License
145 stars
20 forks
issues
Compatibility with cstruct v4
#56
yunzheng
opened
3 days ago
0
Pin dissect.cstruct < 4.0 for now
#54
yunzheng
closed
6 days ago
0
Compatibility with dissect.struct 4.x
#53
yunzheng
opened
3 months ago
3
How to install beacon-pcap?
#52
polosec
closed
3 months ago
2
Fix `tox -e build` by pinning Python version
#51
yunzheng
closed
8 months ago
1
Switch to `ruff` linter
#50
yunzheng
closed
1 year ago
1
Speed up finding non standard beacon XOR keys
#49
yunzheng
closed
1 year ago
1
Updates to C2 and Client Code to better handle certain beacon configs
#48
drb-ra
closed
1 year ago
2
Improve support for Cobalt Strike v4.7 and v4.8
#47
yunzheng
closed
1 year ago
1
Print beacon version information when running `beacon-dump -v`
#46
yunzheng
closed
1 year ago
1
Decode SETTING_DOMAINS using latin-1 instead of ascii codec
#45
yunzheng
closed
1 year ago
1
Add Cobalt Strike 4.8 version detection
#44
yunzheng
closed
1 year ago
1
Update git repo for flake8
#43
yunzheng
closed
1 year ago
1
Merge main back into furo-theme branch
#42
yunzheng
closed
1 year ago
0
Add `codespell` to `.pre-commit-config.yaml` and fixed typos
#41
yunzheng
closed
1 year ago
1
Improved docs and tutorials
#39
yunzheng
closed
1 year ago
1
Add message for trial beacons
#38
yunzheng
closed
1 year ago
1
Move `scripts/artifact.py` to its own `beacon-artifact` CLI tool
#37
yunzheng
closed
1 year ago
1
Don't use hardcoded strings for type names
#36
yunzheng
closed
1 year ago
1
Add test_client.py for testing `dissect.cobaltstrike.client`
#35
yunzheng
closed
1 year ago
1
Ignore COMMAND_NOOP packets
#34
yunzheng
closed
1 year ago
0
Httpx req params
#33
yunzheng
closed
1 year ago
0
Fix --arch and --barch arguments not being parsed
#32
yunzheng
closed
1 year ago
0
Add specific message for `flow.record` ImportError
#31
yunzheng
closed
1 year ago
0
Improve documentation
#30
yunzheng
closed
1 year ago
0
Fix readthedocs
#29
yunzheng
closed
1 year ago
0
Get rid of docs/requirements.txt and use pip method for readthedocs
#28
yunzheng
closed
1 year ago
0
Get rid of docs/requirements.txt and use pip method for readthedocs
#27
yunzheng
closed
1 year ago
0
Fix building docs
#26
yunzheng
closed
1 year ago
0
Add support for beacon client and decrypting traffic from PCAP files
#25
yunzheng
closed
1 year ago
0
Add PE export stamps for Cobalt Strike 4.7 and 4.7.1
#24
yunzheng
closed
2 years ago
0
Add `netbios_encode` and `netbios_decode` functions to utils.py
#23
yunzheng
closed
2 years ago
0
Add `BeaconConfig.public_key` property
#22
yunzheng
closed
2 years ago
0
Add retain_file_offset helper to utils.py
#21
yunzheng
closed
2 years ago
0
Add task_* c2profile settings that were introduced in Cobalt Strike 4.6
#20
yunzheng
closed
2 years ago
0
Add Cobalt Strike 4.7 settings and version info
#19
yunzheng
closed
2 years ago
0
Fixed missing DNS beacon settings in c2profile output (#17)
#18
yunzheng
closed
2 years ago
0
DNS settings are missing in c2profile output for DNS beacons
#17
yunzheng
closed
2 years ago
1
Added pe_export_stamp for CS 4.6 DNS Beacon
#16
yunzheng
closed
2 years ago
0
Add u64, p64, u64be and p64be packing aliases
#15
yunzheng
closed
2 years ago
0
Fix small typo in docs
#14
yunzheng
closed
2 years ago
0
Add PE export timestamps for Cobalt Strike 4.6
#13
yunzheng
closed
2 years ago
0
Update README.rst
#12
yunzheng
closed
2 years ago
0
Add tests for `dissect.cobaltstrike.beacon` main function
#11
yunzheng
closed
2 years ago
0
Refactor `pytest.raises` statements to use `match` keyword
#10
yunzheng
closed
2 years ago
0
Add process exit code to beacon-dump
#9
yunzheng
closed
2 years ago
0
Apply black --check and --diff options via .pre-commit-config.yaml only
#8
yunzheng
closed
2 years ago
0
Refactor OSError exception handling in @catch_sigpipe decorator
#7
yunzheng
closed
2 years ago
0
Determine Sphinx docs version from `dissect.cobaltstrike._version`
#6
yunzheng
closed
2 years ago
0
Improved handling for empty or all zero xorkey buffer in utils.xor
#5
yunzheng
closed
2 years ago
0