Organization data from GitHub: https://github.com/countercept
Location: UK, New York, South Africa, Singapore
Rapidly Search and Hunt through Windows Event Logs
snake-core - the real snake
ESF modular ingestion tool for development and research.
A document tagging library
snake-skin - the web ui for snake
A higher-level wrapper on top of the official bson & mongodb crates.
snake - a malware storage zoo
snake-scales - the default repository of snake scales
A helper script for unpacking and decompiling EXEs compiled from python code.
snake-tail - the command line ui for snake
Scripts for performing and detecting parent PID spoofing
AMSI detection PoC
RemotePSpy provides live monitoring of remote PowerShell sessions, which is particularly useful for older (pre-5.0) versions of PowerShell which do not have comprehensive logging facilities built in.
A python2 script for sweeping a network to find Windows systems compromised with the DOUBLEPULSAR implant.
USB Ninja Detection PoC
Tools related to 'shadowhammer' attack, https://securelist.com/operation-shadowhammer/89992
A spiritual .NET equivalent to the Gargoyle memory scanning evasion technique
snake-charmer - the regression test suite for snake
Scripts for extracting useful information from infected memory dumps
A collection of useful radare2 scripts!
A utility to use the usermode shellcode from the DOUBLEPULSAR payload to reflectively load an arbitrary DLL into another process, for use in testing detection techniques or other security research.
A python2 script for processing a PCAP file to decrypt C2 traffic sent to a DOUBLEPULSAR implant.
Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process.