Projects in Awesome Lists by WithSecureLabs
A curated list of projects in awesome lists by WithSecureLabs.
https://github.com/withsecurelabs/drozer
The Leading Security Assessment Framework for Android.
android drozer java mobile mobsec mwr pentesting security withsecure
Last synced: 08 May 2025
https://github.com/FSecureLABS/drozer
The Leading Security Assessment Framework for Android.
android drozer java mobile mobsec mwr pentesting security withsecure
Last synced: 02 May 2025
https://github.com/WithSecureLabs/drozer
The Leading Security Assessment Framework for Android.
android drozer java mobile mobsec mwr pentesting security withsecure
Last synced: 01 Apr 2025
https://github.com/withsecurelabs/chainsaw
Rapidly Search and Hunt through Windows Forensic Artefacts
attack blueteam chainsaw countercept detection dfir forensics logs rust security sigma threat-hunting windows
Last synced: 25 Jun 2025
https://github.com/WithSecureLabs/chainsaw
Rapidly Search and Hunt through Windows Forensic Artefacts
attack blueteam chainsaw countercept detection dfir forensics logs rust security sigma threat-hunting windows
Last synced: 27 Mar 2025
https://github.com/withsecurelabs/c3
Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.
Last synced: 07 Apr 2025
https://github.com/WithSecureLabs/C3
Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.
Last synced: 24 Mar 2025
https://github.com/WithSecureLabs/needle
The iOS Security Testing Framework
ios mobile needle pentesting python security
Last synced: 26 Mar 2025
https://github.com/withsecurelabs/needle
The iOS Security Testing Framework
ios mobile needle pentesting python security
Last synced: 08 Apr 2025
https://github.com/withsecurelabs/doublepulsar-detection-script
A Python 2 script for sweeping a network to find Windows systems compromised with the DOUBLEPULSAR implant.
countercept doublepulsar script security-scanner security-tools
Last synced: 16 May 2025
https://github.com/WithSecureLabs/doublepulsar-detection-script
A Python 2 script for sweeping a network to find Windows systems compromised with the DOUBLEPULSAR implant.
countercept doublepulsar script security-scanner security-tools
Last synced: 15 May 2025
https://github.com/withsecurelabs/python-exe-unpacker
A helper script for unpacking and decompiling EXEs compiled from python code.
Last synced: 04 Oct 2025
https://github.com/WithSecureLabs/awspx
A graph-based tool for visualizing effective access and resource relationships in AWS environments.
aws aws-security graph-theory pentesting
Last synced: 29 Apr 2025
https://github.com/FSecureLABS/leonidas
Automated Attack Simulation in the Cloud, complete with detection use cases.
Last synced: 02 May 2025
https://github.com/withsecurelabs/callstackspoofer
A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)
Last synced: 25 Jun 2025
https://github.com/WithSecureLabs/leonidas
Automated Attack Simulation in the Cloud, complete with detection use cases.
Last synced: 01 Apr 2025
https://github.com/ReversecLabs/lolcerts
A repository of code signing certificates known to have been leaked or stolen, then abused by threat actors
Last synced: 12 Oct 2025
https://github.com/WithSecureLabs/LinuxCatScale
Incident Response collection and processing scripts with automated reporting scripts
collection countercept incident-response linux triage
Last synced: 12 Jul 2025
https://github.com/WithSecureLabs/doublepulsar-c2-traffic-decryptor
A Python 2 script for processing a PCAP file to decrypt C2 traffic sent to the DOUBLEPULSAR implant.
countercept decryptor doublepulsar
Last synced: 11 May 2025
https://github.com/countercept/doublepulsar-c2-traffic-decryptor
A Python 2 script for processing a PCAP file to decrypt C2 traffic sent to the DOUBLEPULSAR implant.
countercept decryptor doublepulsar
Last synced: 21 Feb 2025
https://github.com/ReversecLabs/Jamf-Attack-Toolkit
Suite of tools to facilitate attacks against the Jamf macOS management platform.
Last synced: 12 Jul 2025
https://github.com/ReversecLabs/drozer-modules
android drozer java mobile mwr pentesting security
Last synced: 29 Jul 2025
https://github.com/withsecurelabs/ppid-spoofing
Scripts for performing and detecting parent PID spoofing
Last synced: 25 Jun 2025
https://github.com/ReversecLabs/drozer-agent
The Android Agent for the Drozer Security Assessment Framework.
android drozer java mobile mobsec mwr pentesting security withsecure
Last synced: 11 Jul 2025
https://github.com/withsecurelabs/detectree
Data visualization for blue teams
countercept detection svelte visualisation
Last synced: 21 Jun 2025
https://github.com/withsecurelabs/modulestomping
https://blog.f-secure.com/hiding-malicious-code-with-module-stomping/
countercept module-stomping security
Last synced: 25 Jun 2025
https://github.com/withsecurelabs/doublepulsar-usermode-injector
A utility to use the usermode shellcode from the DOUBLEPULSAR payload to reflectively load an arbitrary DLL into another process, for use in testing detection techniques or other security research.
countercept doublepulsar injector
Last synced: 25 Jun 2025
https://github.com/withsecurelabs/garbageman
GarbageMan is a set of tools for analyzing .NET binaries through heap analysis.
Last synced: 25 Jun 2025
https://github.com/withsecurelabs/dotnet-gargoyle
A spiritual .NET equivalent to the Gargoyle memory scanning evasion technique
Last synced: 25 Jun 2025
https://github.com/withsecurelabs/esfang
ESF modular ingestion tool for development and research.
Last synced: 25 Jun 2025
https://github.com/withsecurelabs/tau-engine
A document tagging library
countercept detection-engine rule-engine rust tau yaml
Last synced: 25 Jun 2025
https://github.com/withsecurelabs/macostriagecollectionscript
A triage data collection script for macOS
collection countercept incident-response triage
Last synced: 25 Jun 2025
https://github.com/withsecurelabs/remotepspy
RemotePSpy provides live monitoring of remote PowerShell sessions, which is particularly useful for older (pre-5.0) versions of PowerShell which do not have comprehensive logging facilities built in.
Last synced: 14 Dec 2025
https://github.com/withsecurelabs/mongo-rs
A higher-level wrapper on top of the official bson & mongodb crates.
Last synced: 16 Aug 2025
https://github.com/withsecurelabs/flair
F-Secure Lightweight Acquisition for Incident Response (FLAIR)
Last synced: 25 Jun 2025
https://github.com/withsecurelabs/deject
Memory dump and Sample analysis tool
Last synced: 25 Jun 2025
https://github.com/ReversecLabs/FixerUpper
A Burp extension to enable modification of FIX messages when relayed from MitM_Relay
Last synced: 13 May 2025
https://github.com/withsecurelabs/memory-carving-scripts
Scripts for extracting useful information from infected memory dumps
Last synced: 22 Jun 2025
https://github.com/withsecurelabs/shadowhammer
Tools related to 'shadowhammer' attack, https://securelist.com/operation-shadowhammer/89992
Last synced: 25 Jun 2025
https://github.com/withsecurelabs/snake-scales
snake-scales - the default repository of snake scales
countercept python snake snake-scales
Last synced: 25 Jun 2025
https://github.com/withsecurelabs/usb-ninja-detection-poc
USB Ninja Detection PoC
Last synced: 25 Jun 2025
https://github.com/withsecurelabs/datamate
countercept data-visualization netflow
Last synced: 25 Jun 2025
https://github.com/withsecurelabs/hl7magic
A Burp extension to allow for easy modification of HL7 messages sent to and from medical devices.
Last synced: 25 Jun 2025
https://github.com/withsecurelabs/dreamer
Easier cloud infrastructure with Terraform and Ansible
ansible automation devops python terraform
Last synced: 25 Jun 2025
https://github.com/withsecurelabs/snake-skin
snake-skin - the web ui for snake
Last synced: 30 Jul 2025
https://github.com/withsecurelabs/kanvas
A simple-to-use IR (incident response) case management tool for tracking and documenting investigations.
dfir-tools incident-management incident-response incident-response-tooling
Last synced: 20 Jul 2025
https://github.com/withsecurelabs/snake-charmer
snake-charmer - the regression test suite for snake
Last synced: 25 Jun 2025
https://github.com/withsecurelabs/soccrates_adapters
Helpers for adapting data from Elements Vulnerability Management to be used in Soccrates EU project
Last synced: 25 Jun 2025