cobaltstrike-detection
There are 2 repositories under cobaltstrike-detection topic.
DamonMohammadbagher/ETWProcessMon2
ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.
eremit4/cs-discovery
Detecting Cobalt Strike Team Servers on targets through traffic telemetry.