F-Secure Countercept (countercept)

Organization data from GitHub: https://github.com/countercept

Location: UK, New York, South Africa, Singapore

Home Page: https://www.f-secure.com/en/business/products/advanced-threat-protection/countercept

F-Secure Countercept's repositories

ESFang

ESF modular ingestion tool for development and research.

Language: Objective-C; Stargazers: 0; Forks: 0; Issues: 0

chainsaw

Rapidly Search and Hunt through Windows Event Logs

Language: Rust; License: GPL-3.0; Stargazers: 656; Forks: 53; Issues: 9

tau-engine

A document tagging library

Language: Rust; License: MIT; Stargazers: 10; Forks: 2; Issues: 0

snake-skin

snake-skin - the web UI for snake

Language: Svelte; Stargazers: 0; Forks: 2; Issues: 13

mongo-rs

A higher-level wrapper on top of the official bson & mongodb crates.

Language: Rust; License: MIT; Stargazers: 10; Forks: 3; Issues: 3

snake-core

snake-core - the real snake

Language: Python; License: BSD-3-Clause; Stargazers: 7; Forks: 3; Issues: 9

snake

snake - a malware storage zoo

Language: Shell; License: BSD-3-Clause; Stargazers: 192; Forks: 38; Issues: 3

snake-scales

snake-scales - the default repository of snake scales

Language: Python; License: BSD-3-Clause; Stargazers: 3; Forks: 4; Issues: 1

python-exe-unpacker

A helper script for unpacking and decompiling EXEs compiled from Python code.

Language: Python; License: GPL-3.0; Stargazers: 556; Forks: 240; Issues: 18

snake-tail

snake-tail - the command-line UI for snake

Language: Python; License: BSD-3-Clause; Stargazers: 0; Forks: 3; Issues: 2

ppid-spoofing

Scripts for performing and detecting parent PID spoofing

Language: PowerShell; License: BSD-3-Clause; Stargazers: 100; Forks: 18; Issues: 1
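Parent PID spoofing sets the decoy parent through the PROC_THREAD_ATTRIBUTE_PARENT_PROCESS attribute, so the parent recorded in process-creation telemetry (Sysmon Event ID 1 ParentProcessId, or the ParentProcessID field of the kernel ProcessStart ETW event) is the chosen decoy, while the process that actually issued the creation call is the one in the ETW event header. The detection below cross-checks those two values. It is an added example, not code from the ppid-spoofing repository; the event field names, the allowlist of benign proxy creators and the sample events are assumptions constructed for this illustration.

```python
"""Detect parent PID spoofing by cross-checking who really called CreateProcess.

Added example, not code from the countercept/ppid-spoofing repository.
The field names and sample events are assumptions for this illustration;
real telemetry (Sysmon EID 1 + Microsoft-Windows-Kernel-Process ProcessStart)
would be mapped onto them.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessStart:
    pid: int             # new process
    image: str           # new process image name
    parent_pid: int      # parent as recorded in the event data (spoofable)
    parent_image: str
    creator_pid: int     # process that emitted the creation event (ETW event header PID)
    creator_image: str


# Creator images that legitimately start children on behalf of another parent,
# e.g. UAC elevation through the Application Information service in svchost.exe.
# Assumed allowlist for the example; tune it for the environment.
DEFAULT_ALLOWED_CREATORS = frozenset({"svchost.exe"})


def detect_ppid_spoofing(events, allowed_creators=DEFAULT_ALLOWED_CREATORS):
    """Return one alert per event whose recorded parent did not make the creation call."""
    alerts = []
    for ev in events:
        if ev.creator_pid == ev.parent_pid:
            continue  # the recorded parent really issued the call
        if ev.creator_image.lower() in allowed_creators:
            continue  # known benign proxy creator
        alerts.append({
            "pid": ev.pid,
            "image": ev.image,
            "claimed_parent": (ev.parent_pid, ev.parent_image),
            "real_creator": (ev.creator_pid, ev.creator_image),
        })
    return alerts


# Constructed sample telemetry (not real data).
SAMPLE_EVENTS = [
    # Normal: explorer.exe starts notepad.exe and is both parent and creator.
    ProcessStart(4321, "notepad.exe", 1234, "explorer.exe", 1234, "explorer.exe"),
    # Spoofed: winword.exe spawns powershell.exe but names explorer.exe as the parent.
    ProcessStart(4444, "powershell.exe", 1234, "explorer.exe", 6666, "winword.exe"),
    # UAC elevation: svchost.exe (appinfo) creates cmd.exe with the requesting
    # explorer.exe as parent; this mismatch is expected and allowlisted.
    ProcessStart(5000, "cmd.exe", 1234, "explorer.exe", 900, "svchost.exe"),
]

if __name__ == "__main__":
    for a in detect_ppid_spoofing(SAMPLE_EVENTS):
        print(f"PPID spoofing suspected: pid={a['pid']} {a['image']} claims parent "
              f"{a['claimed_parent']} but was created by {a['real_creator']}")
```

The allowlist is the part that needs care: any service that creates processes on behalf of another process (UAC elevation, WMI, scheduled tasks) produces the same creator/parent mismatch, so an unfiltered rule is noisy, while an allowlist keyed only on image name can be abused by an attacker who runs from an allowlisted image.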

AMSIDetection

AMSI detection PoC

Language: C#; Stargazers: 24; Forks: 4; Issues: 0

RemotePSpy

RemotePSpy provides live monitoring of remote PowerShell sessions, which is particularly useful for older (pre-5.0) versions of PowerShell which do not have comprehensive logging facilities built in.

Language: Python; License: NOASSERTION; Stargazers: 14; Forks: 10; Issues: 1

doublepulsar-detection-script

A Python 2 script for sweeping a network to find Windows systems compromised with the DOUBLEPULSAR implant.

Language: Python; License: BSD-3-Clause; Stargazers: 985; Forks: 339; Issues: 12
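The published detection heuristic for DOUBLEPULSAR is that, after a normal SMB negotiate, session setup and tree connect, an implanted host answers a Trans2 SESSION_SETUP "ping" with Multiplex ID 0x51, whereas a clean Windows SMB1 stack echoes the MID it was sent (0x41). The code below is an added example, not the detection script's own code: it parses the SMB1 header of a reply and classifies the host on that MID; building and sending the request is out of scope, and the sample packets are constructed for the offline test.

```python
"""Classify a host from its SMB Trans2 SESSION_SETUP reply (DOUBLEPULSAR check).

Added example, not code from countercept/doublepulsar-detection-script.
Only the response side is shown; the sample packets below are constructed.
"""
import struct

SMB_MAGIC = b"\xffSMB"
SMB_COM_TRANSACTION2 = 0x32
MID_IMPLANTED = 0x51   # MID returned by the implant (published heuristic)
MID_CLEAN = 0x41       # MID sent in the probe, echoed by a normal SMB server

# 32-byte SMB1 header: Protocol, Command, Status, Flags, Flags2, PIDHigh,
# SecurityFeatures, Reserved, TID, PIDLow, UID, MID (all little-endian)
_SMB_HDR = struct.Struct("<4sBIBHH8sHHHHH")


def parse_smb_header(raw: bytes) -> dict:
    """Parse NetBIOS session header + SMB1 header; raise ValueError if malformed."""
    if len(raw) < 4 + _SMB_HDR.size:
        raise ValueError("packet too short for an SMB header")
    nb_type, nb_len = raw[0], int.from_bytes(raw[1:4], "big")
    if nb_type != 0x00 or nb_len != len(raw) - 4:
        raise ValueError("bad NetBIOS session header")
    (magic, command, status, flags, flags2, pid_high, _sec, _res,
     tid, pid_low, uid, mid) = _SMB_HDR.unpack_from(raw, 4)
    if magic != SMB_MAGIC:
        raise ValueError("not an SMB1 packet")
    return {"command": command, "status": status, "flags": flags, "flags2": flags2,
            "tid": tid, "pid": (pid_high << 16) | pid_low, "uid": uid, "mid": mid}


def classify_trans2_response(raw: bytes) -> str:
    """Return 'implanted', 'clean' or 'unknown' for a Trans2 SESSION_SETUP reply."""
    hdr = parse_smb_header(raw)
    if hdr["command"] != SMB_COM_TRANSACTION2:
        return "unknown"          # not a Trans2 reply; the heuristic does not apply
    if hdr["mid"] == MID_IMPLANTED:
        return "implanted"
    if hdr["mid"] == MID_CLEAN:
        return "clean"
    return "unknown"


def build_sample_response(mid: int, command: int = SMB_COM_TRANSACTION2) -> bytes:
    """Constructed Trans2 reply (header plus empty body) for offline testing."""
    smb = _SMB_HDR.pack(SMB_MAGIC, command, 0, 0x98, 0xC807, 0, b"\x00" * 8, 0,
                        0x0800, 0xFEFF, 0x0800, mid)
    body = b"\x00" + b"\x00\x00"   # WordCount = 0, ByteCount = 0
    payload = smb + body
    return b"\x00" + len(payload).to_bytes(3, "big") + payload


if __name__ == "__main__":
    for label, pkt in [("implant", build_sample_response(MID_IMPLANTED)),
                       ("clean", build_sample_response(MID_CLEAN))]:
        print(label, "->", classify_trans2_response(pkt))
```

Two caveats when using this in a sweep: a host with SMB1 disabled never reaches the Trans2 stage and must be reported as "not testable" rather than "clean", and the check is specific to this implant's protocol handling, so a clean verdict says nothing about other backdoors.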

usb-ninja-detection-poc

USB Ninja Detection PoC

Language: C++; Stargazers: 2; Forks: 1; Issues: 0

ModuleStomping

Write-up: https://blog.f-secure.com/hiding-malicious-code-with-module-stomping/

Language: C++; Stargazers: 53; Forks: 10; Issues: 2

shadowhammer

Tools related to the 'ShadowHammer' attack; see https://securelist.com/operation-shadowhammer/89992

Language: Python; Stargazers: 6; Forks: 2; Issues: 0

dotnet-gargoyle

A spiritual .NET equivalent to the Gargoyle memory scanning evasion technique

Language: C#; Stargazers: 29; Forks: 9; Issues: 0

snake-charmer

snake-charmer - the regression test suite for snake

Language: Python; License: BSD-3-Clause; Stargazers: 0; Forks: 0; Issues: 0

Language: Python; License: GPL-2.0; Stargazers: 8; Forks: 0; Issues: 0

memory-carving-scripts

Scripts for extracting useful information from infected memory dumps

Language: PowerShell; License: BSD-3-Clause; Stargazers: 6; Forks: 5; Issues: 0

radare2-scripts

A collection of useful radare2 scripts!

Language: Python; License: BSD-3-Clause; Stargazers: 24; Forks: 10; Issues: 0

doublepulsar-usermode-injector

A utility to use the usermode shellcode from the DOUBLEPULSAR payload to reflectively load an arbitrary DLL into another process, for use in testing detection techniques or other security research.

Language: C; License: BSD-3-Clause; Stargazers: 101; Forks: 43; Issues: 1

doublepulsar-c2-traffic-decryptor

A Python 2 script for processing a PCAP file to decrypt C2 traffic sent to the DOUBLEPULSAR implant.

Language: Python; License: BSD-3-Clause; Stargazers: 220; Forks: 94; Issues: 0

ReflectiveDLLInjection

Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to load a library from memory into a host process: the DLL carries its own loader, which maps, relocates and links the image itself instead of relying on LoadLibrary.

Language: C; License: NOASSERTION; Stargazers: 1; Forks: 0; Issues: 0
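The injector side of the technique writes the raw DLL file into the target process unchanged and starts a thread at the file offset of the exported loader function, so it must resolve that export from the on-disk image: walk the PE export directory and translate each RVA to a file offset through the section table. The code below does exactly that step. It is an added example, not code from the ReflectiveDLLInjection repository or Stephen Fewer's original; the minimal PE32+ image it builds (one .edata section exporting DllMain and ReflectiveLoader) and all offsets in it are constructed for the illustration.

```python
"""Find the file offset of an export (e.g. ReflectiveLoader) in a DLL on disk.

Added example, not code from countercept/ReflectiveDLLInjection.  The
demo PE image built by build_demo_pe() is constructed for this example.
"""
import struct


def rva_to_offset(pe: bytes, rva: int) -> int:
    """Translate an RVA to a file offset using the section table."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    # IMAGE_FILE_HEADER: NumberOfSections at +2, SizeOfOptionalHeader at +16
    nsec, opt_size = struct.unpack_from("<H12xH", pe, e_lfanew + 6)
    sec_table = e_lfanew + 24 + opt_size
    for i in range(nsec):
        off = sec_table + 40 * i
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", pe, off + 8)
        if vaddr <= rva < vaddr + max(vsize, rawsize):
            return rva - vaddr + rawptr
    raise ValueError(f"RVA {rva:#x} not mapped by any section")


def find_export_offset(pe: bytes, name: str) -> int:
    """Return the file offset of exported function `name` (KeyError if absent)."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", pe, opt)[0]
    dd = opt + (112 if magic == 0x20B else 96)          # DataDirectory[0] = exports
    exp_rva = struct.unpack_from("<I", pe, dd)[0]
    if exp_rva == 0:
        raise KeyError("image has no export table")
    exp = rva_to_offset(pe, exp_rva)
    n_funcs, n_names, funcs_rva, names_rva, ords_rva = struct.unpack_from("<IIIII", pe, exp + 20)
    funcs, names, ords = (rva_to_offset(pe, r) for r in (funcs_rva, names_rva, ords_rva))
    target = name.encode()
    for i in range(n_names):
        noff = rva_to_offset(pe, struct.unpack_from("<I", pe, names + 4 * i)[0])
        if pe[noff:pe.index(b"\0", noff)] == target:
            ordinal = struct.unpack_from("<H", pe, ords + 2 * i)[0]   # unbiased index
            if ordinal >= n_funcs:
                raise ValueError("ordinal outside AddressOfFunctions")
            return rva_to_offset(pe, struct.unpack_from("<I", pe, funcs + 4 * ordinal)[0])
    raise KeyError(name)


def build_demo_pe() -> bytes:
    """Construct a minimal PE32+ with one section exporting DllMain and ReflectiveLoader."""
    SEC_RVA, SEC_RAW, SEC_SIZE = 0x1000, 0x200, 0x200
    exports = {"DllMain": 0x1080, "ReflectiveLoader": 0x1100}      # function RVAs
    n = len(exports)
    funcs_rva = SEC_RVA + 40
    names_rva = funcs_rva + 4 * n
    ords_rva = names_rva + 4 * n
    str_rva = ords_rva + 2 * n
    name_rvas, strings = [], bytearray()
    for nm in exports:                                             # names kept sorted
        name_rvas.append(str_rva + len(strings))
        strings += nm.encode() + b"\0"
    dllname_rva = str_rva + len(strings)
    strings += b"demo.dll\0"
    exp_dir = struct.pack("<IIHHIIIIIII", 0, 0, 0, 0, dllname_rva, 1, n, n,
                          funcs_rva, names_rva, ords_rva)
    section = (exp_dir
               + b"".join(struct.pack("<I", r) for r in exports.values())
               + b"".join(struct.pack("<I", r) for r in name_rvas)
               + b"".join(struct.pack("<H", i) for i in range(n))
               + bytes(strings))
    exp_len = len(section)
    section = section.ljust(SEC_SIZE, b"\0")
    e_lfanew, opt_size = 0x40, 240
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", e_lfanew)
    file_hdr = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, opt_size, 0x2022)
    opt = struct.pack("<HBBIIIIIQIIHHHHHHIIIIHHQQQQII",
                      0x20B, 14, 0, 0, SEC_SIZE, 0, 0, SEC_RVA,
                      0x180000000, 0x1000, 0x200, 6, 0, 0, 0, 6, 0, 0,
                      SEC_RVA + SEC_SIZE, SEC_RAW, 0, 2, 0x160,
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    datadirs = struct.pack("<II", SEC_RVA, exp_len) + b"\0" * (8 * 15)
    sec_hdr = struct.pack("<8sIIIIIIHHI", b".edata", SEC_SIZE, SEC_RVA, SEC_SIZE,
                          SEC_RAW, 0, 0, 0, 0, 0x40000040)
    headers = (dos + b"PE\0\0" + file_hdr + opt + datadirs + sec_hdr).ljust(SEC_RAW, b"\0")
    return headers + section


if __name__ == "__main__":
    image = build_demo_pe()
    print(f"ReflectiveLoader is at file offset {find_export_offset(image, 'ReflectiveLoader'):#x}")
```

The offset returned is what the injector adds to the address of the buffer it wrote into the remote process to get the thread start address; from there the exported loader does the work the description above attributes to the technique (locating its own image, mapping sections, applying relocations and resolving imports).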