A helper script for unpacking and decompiling EXEs compiled from Python code. Updated Jun 16, 2024 - Python
A Python 2 script for sweeping a network to find Windows systems compromised with the DOUBLEPULSAR implant.
A Python 2 script for processing a PCAP file to decrypt C2 traffic sent to the DOUBLEPULSAR implant.
A PoC implementation for spoofing arbitrary call stacks when making syscalls (e.g. grabbing a handle via NtOpenProcess).
Incident response collection and processing scripts, with automated reporting.
A utility to use the usermode shellcode from the DOUBLEPULSAR payload to reflectively load an arbitrary DLL into another process, for use in testing detection techniques or other security research.
Scripts for performing and detecting parent PID spoofing.
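The detection half of the entry above rests on one observation: a process can claim any parent via the PROC_THREAD_ATTRIBUTE_PARENT_PROCESS attribute, but kernel process-start telemetry still records which process actually made the create call. The following is an added illustration, not code from the repository listed here; it assumes an ETW-style record in which the event header's ProcessId is the real creator while the payload's ParentProcessID is the claimed parent, and the field names, the `ProcessStart` type and the sample events are constructed for this example.

```python
"""Flag parent PID spoofing by comparing claimed parent with real creator.

Added example, not from any repository on this page. Assumes process-start
telemetry shaped like Microsoft-Windows-Kernel-Process ProcessStart events:
the header ProcessId identifies the caller that issued the create, and the
payload ParentProcessID is the parent the new process claims. Field names
below are assumptions for this example.
"""
from dataclasses import dataclass
from typing import Iterable, List


@dataclass(frozen=True)
class ProcessStart:
    pid: int              # ProcessID of the newly created process
    image: str            # image path of the new process
    claimed_parent: int   # ParentProcessID from the event payload
    creator_pid: int      # ProcessId from the ETW event header (real caller)
    creator_image: str    # image of the caller, resolved from creator_pid


# Creators that legitimately set a foreign parent: UAC elevation via the
# AppInfo service (hosted in svchost.exe) creates the elevated process with
# the requesting process as its parent. Treat as an assumption to tune locally.
BENIGN_CREATORS = {r"c:\windows\system32\svchost.exe"}


def is_spoofed(ev: ProcessStart) -> bool:
    """True when the claimed parent is not the process that made the call."""
    if ev.claimed_parent == ev.creator_pid:
        return False
    # Mismatch, but from a creator known to re-parent legitimately.
    return ev.creator_image.lower() not in BENIGN_CREATORS


def find_spoofed(events: Iterable[ProcessStart]) -> List[ProcessStart]:
    return [e for e in events if is_spoofed(e)]


# Constructed sample telemetry (not real captures).
SAMPLE_EVENTS = [
    # Normal: explorer.exe launches cmd.exe; header and payload agree.
    ProcessStart(4321, r"C:\Windows\System32\cmd.exe", 1234, 1234,
                 r"C:\Windows\explorer.exe"),
    # Spoofed: powershell.exe (pid 5555) creates notepad.exe but sets the
    # parent attribute to pid 880; the header still names the real caller.
    ProcessStart(6001, r"C:\Windows\System32\notepad.exe", 880, 5555,
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
    # Benign mismatch: AppInfo (in svchost.exe) launching an elevated process
    # on behalf of the requesting pid 4321.
    ProcessStart(7002, r"C:\Windows\regedit.exe", 4321, 900,
                 r"C:\Windows\System32\svchost.exe"),
]


def report(events: Iterable[ProcessStart] = SAMPLE_EVENTS) -> List[str]:
    return [
        f"PPID spoofing: pid {e.pid} ({e.image}) claims parent "
        f"{e.claimed_parent} but was created by pid {e.creator_pid} "
        f"({e.creator_image})"
        for e in find_spoofed(events)
    ]


if __name__ == "__main__":
    for line in report():
        print(line)
```

Tools that only see the payload parent (Sysmon Event ID 1, Security 4688) cannot make this comparison, because the creator is not recorded there; the check needs a source that exposes the calling process, such as the kernel ETW provider.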
A spiritual .NET equivalent to the Gargoyle memory scanning evasion technique
A collection of useful radare2 scripts!
RemotePSpy provides live monitoring of remote PowerShell sessions, which is particularly useful for older (pre-5.0) versions of PowerShell which do not have comprehensive logging facilities built in.
Data visualization for blue teams
A higher-level wrapper on top of the official bson & mongodb crates.
A triage data collection script for macOS
A modular ingestion tool for macOS Endpoint Security Framework (ESF) events, for development and research.
Scripts for extracting useful information from infected memory dumps