countercept
There are 31 repositories under countercept topic.
WithSecureLabs/chainsaw
Rapidly Search and Hunt through Windows Forensic Artefacts
WithSecureLabs/doublepulsar-detection-script
A python2 script for sweeping a network to find windows systems compromised with the DOUBLEPULSAR implant.
WithSecureLabs/python-exe-unpacker
A helper script for unpacking and decompiling EXEs compiled from python code.
WithSecureLabs/CallStackSpoofer
A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)
WithSecureLabs/doublepulsar-c2-traffic-decryptor
A python2 script for processing a PCAP file to decrypt C2 traffic sent to DOUBLEPULSAR implant
WithSecureLabs/LinuxCatScale
Incident Response collection and processing scripts with automated reporting scripts
WithSecureLabs/snake
snake - a malware storage zoo
WithSecureLabs/ppid-spoofing
Scripts for performing and detecting parent PID spoofing
WithSecureLabs/detectree
Data visualization for blue teams
WithSecureLabs/doublepulsar-usermode-injector
A utility to use the usermode shellcode from the DOUBLEPULSAR payload to reflectively load an arbitrary DLL into another process, for use in testing detection techniques or other security research.
WithSecureLabs/ModuleStomping
https://blog.f-secure.com/hiding-malicious-code-with-module-stomping/
WithSecureLabs/dotnet-gargoyle
A spiritual .NET equivalent to the Gargoyle memory scanning evasion technique
WithSecureLabs/AMSIDetection
AMSI detection PoC
WithSecureLabs/tau-engine
A document tagging library
WithSecureLabs/ESFang
ESF modular ingestion tool for development and research.
WithSecureLabs/radare2-scripts
A collection of useful radare2 scripts!
WithSecureLabs/macOSTriageCollectionScript
A triage data collection script for macOS
WithSecureLabs/RemotePSpy
RemotePSpy provides live monitoring of remote PowerShell sessions, which is particularly useful for older (pre-5.0) versions of PowerShell which do not have comprehensive logging facilities built in.
WithSecureLabs/mongo-rs
A higher-level wrapper on top of the official bson & mongodb crates.
WithSecureLabs/snake-core
snake-core - the real snake
WithSecureLabs/memory-carving-scripts
Scripts for extracting useful information from infected memory dumps
WithSecureLabs/shadowhammer
Tools related to 'shadowhammer' attack, https://securelist.com/operation-shadowhammer/89992
WithSecureLabs/ReflectiveDLLInjection
Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process.
WithSecureLabs/snake-scales
snake-scales - the default repository of snake scales
WithSecureLabs/usb-ninja-detection-poc
USB Ninja Detection PoC
WithSecureLabs/snake-skin
snake-skin - the web ui for snake
WithSecureLabs/snake-tail
snake-tail - the command line ui for snake
WithSecureLabs/snake-charmer
snake-charmer - the regression test suite for snake