EN
ENNA
CO

CobaltStrike Parser

⚖️ Dual Use · Python

Parse and extract configs from Cobalt Strike beacons. Identify C2 servers, watermarks, and malleable C2 profiles.

View on GitHub

Use Cases

  • Extracting Cobalt Strike beacon configurations
  • Identifying C2 server infrastructure
  • Analyzing malleable C2 profiles
  • Incident response triage for CS infections
  • Threat intelligence on CS watermarks

Tags

cobalt-strikebeaconc2-detectionconfig-extractiondfir

Details

Category
⚖️ Dual Use
Language
Python

Platforms

🐧linux🍎macos🪟windows

Links

GitHub Repository

github.com/Sentinel-One/CobaltStrikeParser

Releases

github.com/Sentinel-One/CobaltStrikeParser/releases

Issues

github.com/Sentinel-One/CobaltStrikeParser/issues

More in Dual Use

ProxyChains-ng

C

Force any TCP connection through SOCKS4/5 or HTTP proxies. Chain multiple proxies for anonymity.

proxysockspivoting

Socat

C

Multipurpose relay tool. Bidirectional data transfer between two data channels — sockets, files, pipes, devices.

relaysockettunneling

ngrok

Go

Expose local servers to the internet via secure tunnels. Instant public URLs for localhost services.

tunnelingreverse-proxynat-bypass

Rclone

Go

rsync for cloud storage. Sync, copy, and mount 70+ cloud providers. Command-line Swiss army knife for cloud data.

cloud-storagesyncexfiltration

GTFOBins

Shell

Curated list of Unix binaries that can be used to bypass security restrictions. Living off the land, documented.

lolbinsprivescshell-escape

LOLBAS

Shell

Living Off The Land Binaries, Scripts and Libraries for Windows. Documenting every Windows binary with offensive potential.

lolbinswindowsevasion