F-Secure Countercept

Repositories

• ppid-spoofing

  Scripts for performing and detecting parent PID spoofing
  PowerShell BSD-3-Clause 7 49 0 1 Updated May 16, 2020

• snake-core

  snake-core - the real snake
  Python BSD-3-Clause 2 7 4 1 Updated Apr 21, 2020

• python-exe-unpacker

  A helper script for unpacking and decompiling EXEs compiled from python code.
  Python GPL-3.0 130 365 11 2 Updated Apr 20, 2020

• AMSIDetection

  AMSI detection PoC
  C# 1 5 0 0 Updated Apr 14, 2020

• snake-skin

  snake-skin - the web ui for snake
  HTML 1 0 0 1 Updated Mar 14, 2020

• RemotePSpy

  RemotePSpy provides live monitoring of remote PowerShell sessions, which is particularly useful for older (pre-5.0) versions of PowerShell which do not have comprehensive logging facilities built in.
  Python 7 10 0 1 Updated Mar 12, 2020

• doublepulsar-detection-script

  A python2 script for sweeping a network to find windows systems compromised with the DOUBLEPULSAR implant.

  security-scanner security-tools
  Python BSD-3-Clause 326 958 9 5 Updated Feb 3, 2020

• snake

  snake - a malware storage zoo
  Shell BSD-3-Clause 36 162 5 0 Updated Jan 27, 2020

• snake-tail

  snake-tail - the command line ui for snake
  Python BSD-3-Clause 1 0 1 0 Updated Jan 25, 2020

• snake-scales

  snake-scales - the default repository of snake scales
  Python BSD-3-Clause 2 2 1 0 Updated Jan 25, 2020

• usb-ninja-detection-poc

  USB Ninja Detection PoC
  C++ 0 0 0 0 Updated Nov 19, 2019

• ModuleStomping

  https://blog.f-secure.com/hiding-malicious-code-with-module-stomping/
  C++ 5 24 1 0 Updated Sep 19, 2019

• shadowhammer

  Tools related to 'shadowhammer' attack, https://securelist.com/operation-shadowhammer/89992
  Python 2 6 0 0 Updated Mar 28, 2019

• dotnet-gargoyle

  A spiritual .NET equivalent to the Gargoyle memory scanning evasion technique
  C# 11 24 0 0 Updated Dec 6, 2018

• snake-charmer

  snake-charmer - the regression test suite for snake
  Python BSD-3-Clause 1 0 0 0 Updated Sep 25, 2018

• volatility-plugins
  Python GPL-2.0 0 8 0 0 Updated Sep 20, 2018

• memory-carving-scripts

  Scripts for extracting useful information from infected memory dumps
  PowerShell BSD-3-Clause 5 4 0 0 Updated May 31, 2018

• radare2-scripts

  A collection of useful radare2 scripts!
  Python BSD-3-Clause 10 20 0 0 Updated Feb 2, 2018

• doublepulsar-usermode-injector

  A utility to use the usermode shellcode from the DOUBLEPULSAR payload to reflectively load an arbitrary DLL into another process, for use in testing detection techniques or other security research.
  C BSD-3-Clause 41 87 1 0 Updated Jun 27, 2017

• doublepulsar-c2-traffic-decryptor

  A python2 script for processing a PCAP file to decrypt C2 traffic sent to DOUBLEPULSAR implant
  Python BSD-3-Clause 95 208 0 0 Updated Apr 17, 2017

• ReflectiveDLLInjection

  Forked from stephenfewer/ReflectiveDLLInjection

  Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process.
  C 484 1 0 0 Updated Jul 21, 2016