CobaltStrike Parser
⚖️ Dual Use · Python
CobaltStrikeParser is a Python tool from SentinelOne that extracts the embedded configuration from Cobalt Strike Beacon payloads. It recovers the command and control (C2) server address and URIs, the listener port, sleep time and jitter, the licence watermark, and the malleable C2 profile values baked into the sample (HTTP verbs, headers and URIs, user agent, spawn-to processes). Analysts and incident responders can therefore map a threat actor's infrastructure and communication patterns from a captured Beacon without executing it, which makes the tool a standard part of digital forensics and incident response (DFIR) work.
Use Cases
- Extracting Cobalt Strike beacon configurations
- Identifying C2 server infrastructure
- Analyzing malleable C2 profiles
- Incident response triage of Cobalt Strike infections
- Threat intelligence pivoting on Cobalt Strike watermarks (the licence-derived ID shared across a threat actor's builds)
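As an added illustration of what a parser of this kind does under the hood (this is example code written for this page, not CobaltStrikeParser's own source): Cobalt Strike embeds the Beacon config as a list of settings, each stored as a 2-byte index, a 2-byte type (1 = short, 2 = int, 3 = bytes), a 2-byte length and the value, all big-endian, and obfuscates the whole blob with a single-byte XOR (0x69 for 3.x builds, 0x2e for 4.x). Every config begins with BeaconType (index 1, short, length 2), so the blob can be located by searching for that six-byte header XORed with each candidate key. The sample payload below is constructed: the hostname, URIs, watermark and other setting values are made up, the setting-name table is a subset, and a zero index is used as the list terminator.

```python
import struct

# Single-byte XOR keys Cobalt Strike uses to obfuscate the embedded Beacon config:
# 0x69 for 3.x builds, 0x2e for 4.x builds.
XOR_KEYS = (0x69, 0x2E)

# Setting indices as laid out in the Beacon config (subset; assumed names).
SETTING_NAMES = {
    1: "BeaconType", 2: "Port", 3: "SleepTime", 4: "MaxGetSize",
    5: "Jitter", 7: "PublicKey", 8: "C2Server", 9: "UserAgent",
    10: "HttpPostUri", 29: "Spawnto_x86", 30: "Spawnto_x64",
    37: "Watermark", 40: "KillDate",
}
TYPE_SHORT, TYPE_INT, TYPE_BYTES = 1, 2, 3

# Every config starts with setting 1 (BeaconType) stored as a 2-byte short.
CONFIG_HEAD = b"\x00\x01\x00\x01\x00\x02"


def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def find_config(payload: bytes):
    """Return (xor_key, offset) of the obfuscated config inside a payload, or None."""
    for key in XOR_KEYS:
        off = payload.find(xor_bytes(CONFIG_HEAD, key))
        if off != -1:
            return key, off
    return None


def parse_settings(blob: bytes) -> dict:
    """Walk the decoded config: index, type, length (big-endian 16-bit each), then data."""
    out = {}
    pos = 0
    while pos + 6 <= len(blob):
        idx, typ, length = struct.unpack_from(">HHH", blob, pos)
        if idx == 0:  # a zero index terminates the settings list
            break
        pos += 6
        raw = blob[pos:pos + length]
        pos += length
        if typ == TYPE_SHORT:
            val = struct.unpack(">H", raw[:2])[0]
        elif typ == TYPE_INT:
            val = struct.unpack(">I", raw[:4])[0]
        elif typ == TYPE_BYTES and idx == 7:
            val = raw.hex()  # the public key is DER, keep it as hex
        elif typ == TYPE_BYTES:
            val = raw.rstrip(b"\x00").decode("latin-1")  # strings are NUL-padded to a fixed field size
        else:
            val = raw
        out[SETTING_NAMES.get(idx, f"Unknown_{idx}")] = val
    return out


def extract_config(payload: bytes) -> dict:
    """Locate, de-XOR and parse the Beacon config; raises if no signature is found."""
    hit = find_config(payload)
    if hit is None:
        raise ValueError("no Beacon config signature found for any known XOR key")
    key, off = hit
    settings = parse_settings(xor_bytes(payload[off:], key))
    settings["XorKey"] = key
    return settings


def _setting(idx: int, typ: int, data: bytes) -> bytes:
    return struct.pack(">HHH", idx, typ, len(data)) + data


def build_sample_payload() -> bytes:
    """Constructed sample only: a fake 4.x-style config wrapped in NOP filler."""
    cfg = b"".join([
        _setting(1, TYPE_SHORT, struct.pack(">H", 8)),           # BeaconType 8 = HTTPS
        _setting(2, TYPE_SHORT, struct.pack(">H", 443)),         # Port
        _setting(3, TYPE_INT, struct.pack(">I", 60000)),         # SleepTime in ms
        _setting(5, TYPE_SHORT, struct.pack(">H", 20)),          # Jitter in percent
        # C2Server is stored as "host,/get-uri" (made-up host and URIs)
        _setting(8, TYPE_BYTES, b"c2.example.invalid,/jquery-3.3.1.min.js".ljust(256, b"\x00")),
        _setting(9, TYPE_BYTES, b"Mozilla/5.0 (Windows NT 10.0; Win64; x64)".ljust(128, b"\x00")),
        _setting(10, TYPE_BYTES, b"/jquery-3.3.2.min.js".ljust(64, b"\x00")),
        _setting(37, TYPE_INT, struct.pack(">I", 305419896)),    # Watermark, made-up value
    ]) + b"\x00" * 16                                            # terminator padding
    return b"\x90" * 0x400 + xor_bytes(cfg, 0x2E) + b"\x90" * 0x400


if __name__ == "__main__":
    for name, value in extract_config(build_sample_payload()).items():
        print(f"{name:12} {value}")
```

Real samples add work this example skips: the project also handles PE files whose config sits in a fixed-size region, raw shellcode and stagers, so a production parser should not rely on a zero terminator alone and should carve every candidate key hit rather than the first one. The C2Server string, host and GET URI joined by a comma, and the watermark are the two fields most worth pivoting on in threat intelligence.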
Details
- Category
- ⚖️ Dual Use
- Language
- Python
- Repository
- Sentinel-One/CobaltStrikeParser
- Platforms
- 🐧 Linux · 🍎 macOS · 🪟 Windows
More in Dual Use
ProxyChains-ng
C · Force any TCP connection through SOCKS4/5 or HTTP proxies. Chain multiple proxies for anonymity.
Socat
C · Multipurpose relay tool. Bidirectional data transfer between two data channels: sockets, files, pipes, devices.
ngrok
Go · Expose local servers to the internet via secure tunnels. Instant public URLs for localhost services.
Rclone
Go · rsync for cloud storage. Sync, copy, and mount 70+ cloud providers. Command-line Swiss army knife for cloud data.
GTFOBins
Shell · Curated list of Unix binaries that can be used to bypass security restrictions. Living off the land, documented.
LOLBAS
Shell · Living Off The Land Binaries, Scripts and Libraries for Windows. Documents Windows binaries, scripts and libraries that can be abused for living off the land.