{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":474029374,"defaultBranch":"main","name":"dissect.cobaltstrike","ownerLogin":"fox-it","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2022-03-25T13:54:27.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/468621?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1704729708.0","currentOid":""},"activityList":{"items":[{"before":"c81b425001e869194d4931fa640f5e196d8cc450","after":null,"ref":"refs/heads/fix/build-error","pushedAt":"2024-01-08T16:01:48.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"yunzheng","name":"Yun Zheng Hu","path":"/yunzheng","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/468612?s=80&v=4"}},{"before":"aa15ef72524121b28810b062cb948fa79eab7085","after":"65716f60ad81b3ce901a8fc3efebab59d63773fa","ref":"refs/heads/main","pushedAt":"2024-01-08T16:01:45.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"yunzheng","name":"Yun Zheng Hu","path":"/yunzheng","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/468612?s=80&v=4"},"commit":{"message":"Fix `tox -e build` by pinning Python version (#51)\n\n`python -m build` was giving issues with Python 3.12.1, so pinned to version 3.9","shortMessageHtmlLink":"Fix <code>tox -e build</code> by pinning Python version (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2070746406\" data-permission-text=\"Title is private\" data-url=\"https://github.com/fox-it/dissect.cobaltstrike/issues/51\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/fox-it/dissect.cobaltstrike/pull/51/hovercard\" href=\"https://github.com/fox-it/dissect.cobaltstrike/pull/51\">#51</a>)"}},{"before":null,"after":"c81b425001e869194d4931fa640f5e196d8cc450","ref":"refs/heads/fix/build-error","pushedAt":"2024-01-08T15:54:30.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"yunzheng","name":"Yun Zheng Hu","path":"/yunzheng","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/468612?s=80&v=4"},"commit":{"message":"Fix `tox -e build` by pinning Python version","shortMessageHtmlLink":"Fix <code>tox -e build</code> by pinning Python version"}},{"before":"24444e08fc5fb91d1ca912880f956dc18b9cfd6e","after":"aa15ef72524121b28810b062cb948fa79eab7085","ref":"refs/heads/main","pushedAt":"2024-01-08T15:38:59.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"yunzheng","name":"Yun Zheng Hu","path":"/yunzheng","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/468612?s=80&v=4"},"commit":{"message":"Speedup `xor` by using pseudo-SIMD\n\nh/t @Schamper and https://www.da.vidbuchanan.co.uk/blog/python-swar.html","shortMessageHtmlLink":"Speedup <code>xor</code> by using pseudo-SIMD"}},{"before":"3a2b24dfc99609f46d19bae4d55d1be59f55207a","after":null,"ref":"refs/heads/improvement/ruff","pushedAt":"2023-05-28T13:36:23.843Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"yunzheng","name":"Yun Zheng Hu","path":"/yunzheng","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/468612?s=80&v=4"}},{"before":"4bbe48f8847177fa76e346eca00344f681079e64","after":"24444e08fc5fb91d1ca912880f956dc18b9cfd6e","ref":"refs/heads/main","pushedAt":"2023-05-28T13:36:19.218Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"yunzheng","name":"Yun Zheng Hu","path":"/yunzheng","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/468612?s=80&v=4"},"commit":{"message":"Switch to `ruff` linter (#50)\n\n* Add .gitignore\r\n* Change to `ruff` for linting\r\n* Bump `black` to version `23.3.0`","shortMessageHtmlLink":"Switch to <code>ruff</code> linter (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"1729469418\" data-permission-text=\"Title is private\" data-url=\"https://github.com/fox-it/dissect.cobaltstrike/issues/50\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/fox-it/dissect.cobaltstrike/pull/50/hovercard\" href=\"https://github.com/fox-it/dissect.cobaltstrike/pull/50\">#50</a>)"}},{"before":null,"after":"3a2b24dfc99609f46d19bae4d55d1be59f55207a","ref":"refs/heads/improvement/ruff","pushedAt":"2023-05-28T13:26:51.476Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"yunzheng","name":"Yun Zheng Hu","path":"/yunzheng","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/468612?s=80&v=4"},"commit":{"message":"Bump `black` to version `23.3.0`","shortMessageHtmlLink":"Bump <code>black</code> to version <code>23.3.0</code>"}},{"before":"fc4d24eb1aba34b06fec93aab5978b8f1ec5f181","after":null,"ref":"refs/heads/improvement/cs47-cs48-compat","pushedAt":"2023-05-07T11:42:41.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"yunzheng","name":"Yun Zheng Hu","path":"/yunzheng","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/468612?s=80&v=4"}},{"before":"f0d3782b0fb8c9e61ed4187ad9567a81f4778fad","after":null,"ref":"refs/heads/improvement/speedup-non-standard-xor-key","pushedAt":"2023-05-07T11:41:41.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"yunzheng","name":"Yun Zheng Hu","path":"/yunzheng","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/468612?s=80&v=4"}},{"before":"62999015659b52b59296250b45411c976a8c4ee9","after":"4bbe48f8847177fa76e346eca00344f681079e64","ref":"refs/heads/main","pushedAt":"2023-05-07T11:41:34.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"yunzheng","name":"Yun Zheng Hu","path":"/yunzheng","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/468612?s=80&v=4"},"commit":{"message":"Speed up finding non standard beacon XOR keys (#49)\n\nWhen a beacon uses a non standard XOR key it would try each XOR key one by one.\r\nThis change will perform some simple statistics on the data to determine the most\r\nlikely XOR key candidates which significantly speeds up the process.","shortMessageHtmlLink":"Speed up finding non standard beacon XOR keys (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"1699002022\" data-permission-text=\"Title is private\" data-url=\"https://github.com/fox-it/dissect.cobaltstrike/issues/49\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/fox-it/dissect.cobaltstrike/pull/49/hovercard\" href=\"https://github.com/fox-it/dissect.cobaltstrike/pull/49\">#49</a>)"}},{"before":"804a6614ae90c1e728d4dfdf174f3bb0a1f18911","after":"f0d3782b0fb8c9e61ed4187ad9567a81f4778fad","ref":"refs/heads/improvement/speedup-non-standard-xor-key","pushedAt":"2023-05-07T10:43:12.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"yunzheng","name":"Yun Zheng Hu","path":"/yunzheng","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/468612?s=80&v=4"},"commit":{"message":"Cherry picking changes is hard","shortMessageHtmlLink":"Cherry picking changes is hard"}},{"before":"888a38733683a1f07a274f2593812b0b8ad4c135","after":"804a6614ae90c1e728d4dfdf174f3bb0a1f18911","ref":"refs/heads/improvement/speedup-non-standard-xor-key","pushedAt":"2023-05-07T10:40:07.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"yunzheng","name":"Yun Zheng Hu","path":"/yunzheng","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/468612?s=80&v=4"},"commit":{"message":"Nice catch linter","shortMessageHtmlLink":"Nice catch linter"}},{"before":"fc423cd69465bb6c015771bdd03444ef15e09fde","after":"888a38733683a1f07a274f2593812b0b8ad4c135","ref":"refs/heads/improvement/speedup-non-standard-xor-key","pushedAt":"2023-05-07T10:37:58.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"yunzheng","name":"Yun Zheng Hu","path":"/yunzheng","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/468612?s=80&v=4"},"commit":{"message":"Linter","shortMessageHtmlLink":"Linter"}},{"before":"e05f62b6d30e078c7c679f501b618ea8872ba939","after":"fc423cd69465bb6c015771bdd03444ef15e09fde","ref":"refs/heads/improvement/speedup-non-standard-xor-key","pushedAt":"2023-05-07T10:37:08.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"yunzheng","name":"Yun Zheng Hu","path":"/yunzheng","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/468612?s=80&v=4"},"commit":{"message":"Remove commented line","shortMessageHtmlLink":"Remove commented line"}},{"before":null,"after":"e05f62b6d30e078c7c679f501b618ea8872ba939","ref":"refs/heads/improvement/speedup-non-standard-xor-key","pushedAt":"2023-05-07T10:35:23.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"yunzheng","name":"Yun Zheng Hu","path":"/yunzheng","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/468612?s=80&v=4"},"commit":{"message":"Speed up finding non standard beacon XOR keys\n\nWhen a beacon uses a non standard XOR key it would try each XOR key one by one.\nThis change will perform some simple statistics on the data to determine the most\nlikely XOR key candidates which significantly speeds up the process.","shortMessageHtmlLink":"Speed up finding non standard beacon XOR keys"}},{"before":"87bd6e0249645a9a164f687e0e192763fe8b60da","after":"62999015659b52b59296250b45411c976a8c4ee9","ref":"refs/heads/main","pushedAt":"2023-04-21T13:16:00.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"yunzheng","name":"Yun Zheng Hu","path":"/yunzheng","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/468612?s=80&v=4"},"commit":{"message":"Updates to C2 and Client Code to better handle certain beacon configs (#48)\n\n* C2 update to handle _parameter in transforms\r\n\r\n* Client update to handle Host: header setting critical for domain fronting beacons.\r\n\r\n* Fix small typo in domain\r\n\r\n* Update dissect/cobaltstrike/client.py\r\n\r\nCo-authored-by: Yun Zheng Hu <hu@fox-it.com>\r\n\r\n---------\r\n\r\nCo-authored-by: drb_ra <>\r\nCo-authored-by: Yun Zheng Hu <hu@fox-it.com>","shortMessageHtmlLink":"Updates to C2 and Client Code to better handle certain beacon configs (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"1678204717\" data-permission-text=\"Title is private\" data-url=\"https://github.com/fox-it/dissect.cobaltstrike/issues/48\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/fox-it/dissect.cobaltstrike/pull/48/hovercard\" href=\"https://github.com/fox-it/dissect.cobaltstrike/pull/48\">…</a>"}},{"before":"486738b78bf9355bb83cebf10d70af827937ad2e","after":"87bd6e0249645a9a164f687e0e192763fe8b60da","ref":"refs/heads/main","pushedAt":"2023-04-07T12:36:14.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"yunzheng","name":"Yun Zheng Hu","path":"/yunzheng","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/468612?s=80&v=4"},"commit":{"message":"Improve support for Cobalt Strike v4.7 and v4.8 (#47)\n\n* Add new setting enums (some are renamed)\r\n* Add c2profile support for new c2profile settings + tests\r\n* Add some newly found pe_export_stamps for version detection\r\n* Use latin-1 encoding for some settings","shortMessageHtmlLink":"Improve support for Cobalt Strike v4.7 and v4.8 (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"1658751397\" data-permission-text=\"Title is private\" data-url=\"https://github.com/fox-it/dissect.cobaltstrike/issues/47\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/fox-it/dissect.cobaltstrike/pull/47/hovercard\" href=\"https://github.com/fox-it/dissect.cobaltstrike/pull/47\">#47</a>)"}},{"before":null,"after":"fc4d24eb1aba34b06fec93aab5978b8f1ec5f181","ref":"refs/heads/improvement/cs47-cs48-compat","pushedAt":"2023-04-07T12:22:43.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"yunzheng","name":"Yun Zheng Hu","path":"/yunzheng","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/468612?s=80&v=4"},"commit":{"message":"Improve support for Cobalt Strike v4.7 and v4.8\n\n* Add new setting enums (some are renamed)\n* Add c2profile support for new c2profile settings + tests\n* Add some newly found pe_export_stamps for version detection\n* Use latin-1 encoding for some settings","shortMessageHtmlLink":"Improve support for Cobalt Strike v4.7 and v4.8"}},{"before":"cdca5cb2b0ecb8d8846803fc5280d659067a0438","after":null,"ref":"refs/heads/improvement/beacon-dump-version-info","pushedAt":"2023-03-31T21:12:15.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"yunzheng","name":"Yun Zheng Hu","path":"/yunzheng","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/468612?s=80&v=4"}},{"before":"d85b02a3a68d7243f52e1e60fe52c88b4b36460d","after":"486738b78bf9355bb83cebf10d70af827937ad2e","ref":"refs/heads/main","pushedAt":"2023-03-31T21:12:05.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"yunzheng","name":"Yun Zheng Hu","path":"/yunzheng","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/468612?s=80&v=4"},"commit":{"message":"Print beacon version information when running `beacon-dump -v` (#46)","shortMessageHtmlLink":"Print beacon version information when running <code>beacon-dump -v</code> (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"1650032964\" data-permission-text=\"Title is private\" data-url=\"https://github.com/fox-it/dissect.cobaltstrike/issues/46\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/fox-it/dissect.cobaltstrike/pull/46/hovercard\" href=\"https://github.com/fox-it/dissect.cobaltstrike/pull/46\">#46</a>)"}},{"before":null,"after":"cdca5cb2b0ecb8d8846803fc5280d659067a0438","ref":"refs/heads/improvement/beacon-dump-version-info","pushedAt":"2023-03-31T21:04:14.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"yunzheng","name":"Yun Zheng Hu","path":"/yunzheng","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/468612?s=80&v=4"},"commit":{"message":"Print beacon version information when running `beacon-dump -v`","shortMessageHtmlLink":"Print beacon version information when running <code>beacon-dump -v</code>"}},{"before":"d52a527a3dfdfb8f0df95509af2d155bd9e98473","after":null,"ref":"refs/heads/bugfix/unicode-domains","pushedAt":"2023-03-31T20:59:54.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"yunzheng","name":"Yun Zheng Hu","path":"/yunzheng","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/468612?s=80&v=4"}},{"before":"e579b1d505257feaa23ffe4436a7fc9f49f65403","after":"d85b02a3a68d7243f52e1e60fe52c88b4b36460d","ref":"refs/heads/main","pushedAt":"2023-03-31T20:59:51.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"yunzheng","name":"Yun Zheng Hu","path":"/yunzheng","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/468612?s=80&v=4"},"commit":{"message":"Decode SETTING_DOMAINS using latin-1 instead of ascii codec (#45)\n\nThis correctly parses beacons that have a unicode character in the domain name.\r\nBefore the unicode character would be ignored due to ascii codec and ignoring invalid ascii characters.","shortMessageHtmlLink":"Decode SETTING_DOMAINS using latin-1 instead of ascii codec (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"1650014293\" data-permission-text=\"Title is private\" data-url=\"https://github.com/fox-it/dissect.cobaltstrike/issues/45\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/fox-it/dissect.cobaltstrike/pull/45/hovercard\" href=\"https://github.com/fox-it/dissect.cobaltstrike/pull/45\">#45</a>)"}},{"before":null,"after":"d52a527a3dfdfb8f0df95509af2d155bd9e98473","ref":"refs/heads/bugfix/unicode-domains","pushedAt":"2023-03-31T20:53:27.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"yunzheng","name":"Yun Zheng Hu","path":"/yunzheng","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/468612?s=80&v=4"},"commit":{"message":"Decode SETTING_DOMAINS using latin-1 instead of ascii codec\n\nThis fixes parsing beacons that have a unicode character in the domain name.","shortMessageHtmlLink":"Decode SETTING_DOMAINS using latin-1 instead of ascii codec"}},{"before":"1578304934a46239a77474555d9bb560dff1f064","after":null,"ref":"refs/heads/cs-48","pushedAt":"2023-03-31T20:44:11.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"yunzheng","name":"Yun Zheng Hu","path":"/yunzheng","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/468612?s=80&v=4"}},{"before":"b74d937c9daaf440d0f470d9c19c97b9b29e1394","after":"e579b1d505257feaa23ffe4436a7fc9f49f65403","ref":"refs/heads/main","pushedAt":"2023-03-31T20:44:07.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"yunzheng","name":"Yun Zheng Hu","path":"/yunzheng","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/468612?s=80&v=4"},"commit":{"message":"Add Cobalt Strike 4.8 version detection (#44)","shortMessageHtmlLink":"Add Cobalt Strike 4.8 version detection (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"1649995402\" data-permission-text=\"Title is private\" data-url=\"https://github.com/fox-it/dissect.cobaltstrike/issues/44\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/fox-it/dissect.cobaltstrike/pull/44/hovercard\" href=\"https://github.com/fox-it/dissect.cobaltstrike/pull/44\">#44</a>)"}},{"before":null,"after":"1578304934a46239a77474555d9bb560dff1f064","ref":"refs/heads/cs-48","pushedAt":"2023-03-31T20:33:57.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"yunzheng","name":"Yun Zheng Hu","path":"/yunzheng","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/468612?s=80&v=4"},"commit":{"message":"Add Cobalt Strike 4.8 version detection","shortMessageHtmlLink":"Add Cobalt Strike 4.8 version detection"}}],"hasNextPage":false,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAD2na4ygA","startCursor":null,"endCursor":null}},"title":"Activity · fox-it/dissect.cobaltstrike"}