Index
_
__eq__() (dissect.cobaltstrike.c_c2.BeaconMetadata method)
(dissect.cobaltstrike.c_c2.CallbackPacket method)
(dissect.cobaltstrike.c_c2.TaskPacket method)
__getitem__() (dissect.cobaltstrike.utils.LRUDict method)
__hash__() (dissect.cobaltstrike.c_c2.BeaconMetadata method)
(dissect.cobaltstrike.c_c2.CallbackPacket method)
(dissect.cobaltstrike.c_c2.TaskPacket method)
__iter__() (dissect.cobaltstrike.c2profile.StringIterator method)
(dissect.cobaltstrike.pcap.BeaconCapture method)
__name__ (dissect.cobaltstrike.c2profile.C2Profile attribute)
(dissect.cobaltstrike.c2profile.ConfigBlock attribute)
(dissect.cobaltstrike.c2profile.DataTransformBlock attribute)
(dissect.cobaltstrike.c2profile.DnsBeaconBlock attribute)
(dissect.cobaltstrike.c2profile.ExecuteOptionsBlock attribute)
(dissect.cobaltstrike.c2profile.HttpConfigBlock attribute)
(dissect.cobaltstrike.c2profile.HttpGetBlock attribute)
(dissect.cobaltstrike.c2profile.HttpOptionsBlock attribute)
(dissect.cobaltstrike.c2profile.HttpPostBlock attribute)
(dissect.cobaltstrike.c2profile.HttpStagerBlock attribute)
(dissect.cobaltstrike.c2profile.PostExBlock attribute)
(dissect.cobaltstrike.c2profile.ProcessInjectBlock attribute)
(dissect.cobaltstrike.c2profile.StageBlock attribute)
(dissect.cobaltstrike.c2profile.StageTransformBlock attribute)
__next__() (dissect.cobaltstrike.c2profile.StringIterator method)
__repr__() (dissect.cobaltstrike.beacon.BeaconConfig method)
(dissect.cobaltstrike.version.BeaconVersion method)
(dissect.cobaltstrike.xordecode.XorEncodedFile method)
__setitem__() (dissect.cobaltstrike.utils.LRUDict method)
__str__() (dissect.cobaltstrike.c2profile.C2Profile method)
(dissect.cobaltstrike.version.BeaconVersion method)
_beacon_loop() (dissect.cobaltstrike.client.HttpBeaconClient method)
_enable() (dissect.cobaltstrike.c2profile.ConfigBlock method)
_header() (dissect.cobaltstrike.c2profile.ConfigBlock method)
_initial_get_request() (dissect.cobaltstrike.client.HttpBeaconClient method)
_initial_post_request() (dissect.cobaltstrike.client.HttpBeaconClient method)
_pair() (dissect.cobaltstrike.c2profile.ConfigBlock method)
_parameter() (dissect.cobaltstrike.c2profile.ConfigBlock method)
A
add_step() (dissect.cobaltstrike.c2profile.DataTransformBlock method)
add_termination() (dissect.cobaltstrike.c2profile.DataTransformBlock method)
aes_key (dissect.cobaltstrike.c2.BeaconKeys attribute)
aes_rand (dissect.cobaltstrike.c_c2.BeaconMetadata attribute)
ansi_cp (dissect.cobaltstrike.c_c2.BeaconMetadata attribute)
architecture (dissect.cobaltstrike.beacon.BeaconConfig attribute)
ArtifactKitPayload (class in dissect.cobaltstrike.artifact)
as_dict() (dissect.cobaltstrike.c2profile.C2Profile method)
as_text() (dissect.cobaltstrike.c2profile.C2Profile method)
B
BeaconCallback (class in dissect.cobaltstrike.c_c2)
BeaconCapture (class in dissect.cobaltstrike.pcap)
BeaconCommand (class in dissect.cobaltstrike.c_c2)
BeaconConfig (class in dissect.cobaltstrike.beacon)
BeaconKeys (class in dissect.cobaltstrike.c2)
BeaconMetadata (class in dissect.cobaltstrike.c_c2)
BeaconProtocol (in module dissect.cobaltstrike.beacon)
BeaconSetting (in module dissect.cobaltstrike.beacon)
BeaconVersion (class in dissect.cobaltstrike.version)
bid (dissect.cobaltstrike.c_c2.BeaconMetadata attribute)
body (dissect.cobaltstrike.c2.HttpRequest attribute)
(dissect.cobaltstrike.c2.HttpResponse attribute)
build_parser() (in module dissect.cobaltstrike.beacon)
(in module dissect.cobaltstrike.c2profile)
(in module dissect.cobaltstrike.client)
C
C2_DEF (in module dissect.cobaltstrike.c_c2)
C2Data (class in dissect.cobaltstrike.c2)
C2Http (class in dissect.cobaltstrike.c2)
C2Packet (in module dissect.cobaltstrike.c2)
c2packet_to_record() (in module dissect.cobaltstrike.c2)
(in module dissect.cobaltstrike.pcap)
C2Profile (class in dissect.cobaltstrike.c2profile)
c2profile_parser (in module dissect.cobaltstrike.c2profile)
c2struct (in module dissect.cobaltstrike.c_c2)
callback (dissect.cobaltstrike.c_c2.CallbackPacket attribute)
CALLBACK_ACCEPT (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_CHUNK_ALLOCATE (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_CHUNK_SEND (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_CLOSE (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_CONNECT (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_DEAD (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_ERROR (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_FILE (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_FILE_CLOSE (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_FILE_WRITE (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_HASHDUMP (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_JOBS (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_KEYSTROKES (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_NETVIEW (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_OUTPUT (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_OUTPUT_OEM (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_OUTPUT_UTF8 (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_PENDING (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_PING (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_PIPE_CLOSE (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_PIPE_OPEN (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_PIPE_PING (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_PIPE_READ (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_PORTSCAN (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_POST_ERROR (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_POST_REPLAY_ERROR (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_PROCESS_LIST (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_PWD (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_READ (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_SCREENSHOT (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_SSH_STATUS (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_TOKEN_GETUID (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_TOKEN_STOLEN (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CallbackDebugMessage() (in module dissect.cobaltstrike.client)
CallbackError() (in module dissect.cobaltstrike.client)
CallbackOutputMessage() (in module dissect.cobaltstrike.client)
CallbackPacket (class in dissect.cobaltstrike.c_c2)
catch_all() (dissect.cobaltstrike.client.HttpBeaconClient method)
catch_sigpipe() (in module dissect.cobaltstrike.utils)
checksum8() (in module dissect.cobaltstrike.utils)
ciphertext (dissect.cobaltstrike.c2.EncryptedPacket attribute)
ClientC2Data (class in dissect.cobaltstrike.c2)
command (dissect.cobaltstrike.c_c2.TaskPacket attribute)
COMMAND_ARGUE_ADD (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_ARGUE_LIST (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_ARGUE_REMOVE (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_BLOCKDLLS (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_CANCEL_DOWNLOAD (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_CD (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_CHECKIN (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_CLOSE (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_CONNECT (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_DIE (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_DLL_LOAD (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_DOWNLOAD (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_ELEVATE_POST (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_ELEVATE_PRE (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_EXECUTE (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_EXECUTE_JOB (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_FILE_COPY (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_FILE_DRIVES (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_FILE_LIST (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_FILE_MKDIR (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_FILE_MOVE (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_FILE_RM (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_GETPRIVS (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_INJECT_PID (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_INJECT_PID_PING (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_INJECT_PING (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_INJECT_POWERSHELLX64_PID (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_INJECT_POWERSHELLX86_PID (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_INJECTX64_PID (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_INJECTX64_PID_PING (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_INJECTX64_PING (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_INLINE_EXECUTE (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_INLINE_EXECUTE_OBJECT (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_JOB_KILL (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_JOB_REGISTER (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_JOB_REGISTER_IMPERSONATE (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_JOB_REGISTER_MSGMODE (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_JOB_SPAWN_TOKEN_X64 (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_JOB_SPAWN_TOKEN_X86 (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_JOB_SPAWN_X64 (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_JOB_SPAWN_X86 (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_JOBS (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_KEYLOG_START (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_KEYLOG_STOP (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_LISTEN (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_LOGINUSER (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_LSOCKET_BIND (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_LSOCKET_BIND_LOCALHOST (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_LSOCKET_CLOSE (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_LSOCKET_TCPPIVOT (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_NOOP (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_PAUSE (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_PIPE_CLOSE (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_PIPE_OPEN_EXPLICIT (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_PIPE_REOPEN (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_PIPE_ROUTE (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_PPID (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_PS_KILL (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_PS_LIST (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_PSH_HOST_TCP (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_PSH_IMPORT (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_PWD (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_REG_QUERY (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_RUN_INJECT_X64 (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_RUN_INJECT_X86 (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_RUN_UNDER_PID (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_RUNAS (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_SEND (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_SETENV (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_SHELL (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_SLEEP (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_SPAWN (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_SPAWN_POWERSHELLX64 (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_SPAWN_POWERSHELLX86 (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_SPAWN_PROC_X64 (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_SPAWN_PROC_X86 (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_SPAWN_TOKEN_X64 (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_SPAWN_TOKEN_X86 (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_SPAWNAS_X64 (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_SPAWNAS_X86 (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_SPAWNU_X64 (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_SPAWNU_X86 (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_SPAWNX64 (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_STAGE_PAYLOAD (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_STAGE_PAYLOAD_SMB (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_STEAL_TOKEN (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_TCP_CONNECT (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_TIMESTOMP (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_TOKEN_GETUID (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_TOKEN_REV2SELF (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_UPLOAD (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_UPLOAD_CONTINUE (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_WEBSERVER_LOCAL (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMPUTERNAME_TEMPLATES (in module dissect.cobaltstrike.client)
config_block (dissect.cobaltstrike.beacon.BeaconConfig attribute)
ConfigBlock (class in dissect.cobaltstrike.c2profile)
counter (dissect.cobaltstrike.c_c2.CallbackPacket attribute)
createremotethread (dissect.cobaltstrike.c2profile.ExecuteOptionsBlock attribute)
createremotethread_special (dissect.cobaltstrike.c2profile.ExecuteOptionsBlock attribute)
createthread (dissect.cobaltstrike.c2profile.ExecuteOptionsBlock attribute)
createthread_special (dissect.cobaltstrike.c2profile.ExecuteOptionsBlock attribute)
CryptoScheme (in module dissect.cobaltstrike.beacon)
CS_DEF (in module dissect.cobaltstrike.beacon)
cs_struct (in module dissect.cobaltstrike.beacon)
D
data (dissect.cobaltstrike.c_c2.CallbackPacket attribute)
(dissect.cobaltstrike.c_c2.TaskPacket attribute)
DataTransformBlock (class in dissect.cobaltstrike.c2profile)
date (dissect.cobaltstrike.version.BeaconVersion attribute)
decrypt_data() (in module dissect.cobaltstrike.c2)
decrypt_metadata() (in module dissect.cobaltstrike.c2)
decrypt_packet() (in module dissect.cobaltstrike.c2)
DEFAULT_AES_IV (dissect.cobaltstrike.c2.BeaconKeys attribute)
DEFAULT_XOR_KEYS (in module dissect.cobaltstrike.beacon)
DeprecatedBeaconSetting (in module dissect.cobaltstrike.beacon)
derive_aes_hmac_keys() (in module dissect.cobaltstrike.c2)
dissect.cobaltstrike
module
dissect.cobaltstrike.artifact
module
dissect.cobaltstrike.beacon
module
dissect.cobaltstrike.c2
module
dissect.cobaltstrike.c2profile
module
dissect.cobaltstrike.c_c2
module
dissect.cobaltstrike.client
module
dissect.cobaltstrike.pcap
module
dissect.cobaltstrike.pe
module
dissect.cobaltstrike.utils
module
dissect.cobaltstrike.version
module
dissect.cobaltstrike.xordecode
module
DnsBeaconBlock (class in dissect.cobaltstrike.c2profile)
domain_uri_pairs (dissect.cobaltstrike.beacon.BeaconConfig property)
domains (dissect.cobaltstrike.beacon.BeaconConfig property)
DOSHEADER_X64 (in module dissect.cobaltstrike.pe)
DOSHEADER_X86 (in module dissect.cobaltstrike.pe)
dumps() (dissect.cobaltstrike.c2.EncryptedPacket method)
E
enable_reprlib_c2() (in module dissect.cobaltstrike.c2)
enable_reprlib_cstruct() (in module dissect.cobaltstrike.utils)
enable_reprlib_flow_record() (in module dissect.cobaltstrike.utils)
encrypt_data() (in module dissect.cobaltstrike.c2)
encrypt_metadata() (in module dissect.cobaltstrike.c2)
encrypt_packet() (in module dissect.cobaltstrike.c2)
EncryptedPacket (class in dissect.cobaltstrike.c2)
EOF_SHELLCODE_MARKER (dissect.cobaltstrike.xordecode.XorEncodedFile attribute)
epoch (dissect.cobaltstrike.c_c2.TaskPacket attribute)
ExecuteOptionsBlock (class in dissect.cobaltstrike.c2profile)
F
find_architecture() (in module dissect.cobaltstrike.pe)
find_beacon_config_bytes() (in module dissect.cobaltstrike.beacon)
find_compile_stamps() (in module dissect.cobaltstrike.pe)
find_magic_mz() (in module dissect.cobaltstrike.pe)
find_magic_pe() (in module dissect.cobaltstrike.pe)
find_mz_offset() (in module dissect.cobaltstrike.pe)
find_stage_prepend_append() (in module dissect.cobaltstrike.pe)
find_staged_beacon() (dissect.cobaltstrike.pcap.BeaconCapture method)
FIRST_NAMES (in module dissect.cobaltstrike.client)
flag (dissect.cobaltstrike.c_c2.BeaconMetadata attribute)
from_aes_rand() (dissect.cobaltstrike.c2.BeaconKeys class method)
from_beacon_config() (dissect.cobaltstrike.c2profile.C2Profile class method)
from_beacon_metadata() (dissect.cobaltstrike.c2.BeaconKeys class method)
from_bytes() (dissect.cobaltstrike.beacon.BeaconConfig class method)
from_execute_list() (dissect.cobaltstrike.c2profile.ExecuteOptionsBlock class method)
from_file() (dissect.cobaltstrike.beacon.BeaconConfig class method)
(dissect.cobaltstrike.xordecode.XorEncodedFile class method)
from_max_setting_enum() (dissect.cobaltstrike.version.BeaconVersion class method)
from_path() (dissect.cobaltstrike.beacon.BeaconConfig class method)
(dissect.cobaltstrike.c2profile.C2Profile class method)
(dissect.cobaltstrike.xordecode.XorEncodedFile class method)
from_pe_export_stamp() (dissect.cobaltstrike.version.BeaconVersion class method)
from_text() (dissect.cobaltstrike.c2profile.C2Profile class method)
G
get_handlers() (dissect.cobaltstrike.client.HttpBeaconClient method)
get_sleep_time() (dissect.cobaltstrike.client.HttpBeaconClient method)
get_task() (dissect.cobaltstrike.client.HttpBeaconClient method)
get_transform_for_http() (dissect.cobaltstrike.c2.C2Http method)
grouper() (in module dissect.cobaltstrike.beacon)
H
handle() (dissect.cobaltstrike.client.HttpBeaconClient method)
has_next() (dissect.cobaltstrike.c2profile.StringIterator method)
header (dissect.cobaltstrike.c2profile.HttpConfigBlock attribute)
(dissect.cobaltstrike.c2profile.HttpOptionsBlock attribute)
headers (dissect.cobaltstrike.c2.HttpRequest attribute)
(dissect.cobaltstrike.c2.HttpResponse attribute)
hints (dissect.cobaltstrike.artifact.ArtifactKitPayload attribute)
hmac_key (dissect.cobaltstrike.c2.BeaconKeys attribute)
HttpBeaconClient (class in dissect.cobaltstrike.client)
HttpConfigBlock (class in dissect.cobaltstrike.c2profile)
HttpDataTransform (class in dissect.cobaltstrike.c2)
HttpGetBlock (class in dissect.cobaltstrike.c2profile)
HttpOptionsBlock (class in dissect.cobaltstrike.c2profile)
HttpPostBlock (class in dissect.cobaltstrike.c2profile)
HttpRequest (class in dissect.cobaltstrike.c2)
HttpResponse (class in dissect.cobaltstrike.c2)
HttpStagerBlock (class in dissect.cobaltstrike.c2profile)
I
id (dissect.cobaltstrike.c2.C2Data attribute)
info (dissect.cobaltstrike.c_c2.BeaconMetadata attribute)
init_kwargs() (dissect.cobaltstrike.c2profile.ConfigBlock method)
InjectAllocator (in module dissect.cobaltstrike.beacon)
InjectExecutor (in module dissect.cobaltstrike.beacon)
ip (dissect.cobaltstrike.c_c2.BeaconMetadata attribute)
is_stager_x64() (in module dissect.cobaltstrike.utils)
is_stager_x86() (in module dissect.cobaltstrike.utils)
is_trial (dissect.cobaltstrike.beacon.BeaconConfig property)
iter_artifactkit_payloads() (in module dissect.cobaltstrike.artifact)
iter_beacon_config_blocks() (in module dissect.cobaltstrike.beacon)
iter_encrypted_packets() (dissect.cobaltstrike.c2.ClientC2Data method)
(dissect.cobaltstrike.c2.ServerC2Data method)
iter_find_needle() (in module dissect.cobaltstrike.utils)
iter_nonce_offsets() (in module dissect.cobaltstrike.xordecode)
iter_parse_pcap() (dissect.cobaltstrike.pcap.BeaconCapture method)
iter_recover_http() (dissect.cobaltstrike.c2.C2Http method)
iter_settings() (in module dissect.cobaltstrike.beacon)
iv (dissect.cobaltstrike.c2.BeaconKeys attribute)
J
jitter (dissect.cobaltstrike.beacon.BeaconConfig property)
K
killdate (dissect.cobaltstrike.beacon.BeaconConfig property)
L
LAST_NAMES (in module dissect.cobaltstrike.client)
log_task() (in module dissect.cobaltstrike.client)
logger (in module dissect.cobaltstrike.artifact)
(in module dissect.cobaltstrike.beacon)
(in module dissect.cobaltstrike.c2)
(in module dissect.cobaltstrike.c2profile)
(in module dissect.cobaltstrike.client)
(in module dissect.cobaltstrike.pcap)
(in module dissect.cobaltstrike.pe)
(in module dissect.cobaltstrike.xordecode)
LRUDict (class in dissect.cobaltstrike.utils)
M
magic (dissect.cobaltstrike.c_c2.BeaconMetadata attribute)
main() (in module dissect.cobaltstrike.artifact)
(in module dissect.cobaltstrike.beacon)
(in module dissect.cobaltstrike.c2profile)
(in module dissect.cobaltstrike.client)
(in module dissect.cobaltstrike.pcap)
(in module dissect.cobaltstrike.xordecode)
make_byte_list() (in module dissect.cobaltstrike.beacon)
MAX_ENUM_TO_VERSION (in module dissect.cobaltstrike.version)
max_setting_enum (dissect.cobaltstrike.beacon.BeaconConfig property)
metadata (dissect.cobaltstrike.c2.C2Data attribute)
method (dissect.cobaltstrike.c2.HttpRequest attribute)
module
dissect.cobaltstrike
dissect.cobaltstrike.artifact
dissect.cobaltstrike.beacon
dissect.cobaltstrike.c2
dissect.cobaltstrike.c2profile
dissect.cobaltstrike.c_c2
dissect.cobaltstrike.client
dissect.cobaltstrike.pcap
dissect.cobaltstrike.pe
dissect.cobaltstrike.utils
dissect.cobaltstrike.version
dissect.cobaltstrike.xordecode
N
namedtuple_reprlib_repr() (in module dissect.cobaltstrike.utils)
netbios_decode() (in module dissect.cobaltstrike.utils)
netbios_encode() (in module dissect.cobaltstrike.utils)
next() (dissect.cobaltstrike.c2profile.StringIterator method)
ntqueueapcthread (dissect.cobaltstrike.c2profile.ExecuteOptionsBlock attribute)
ntqueueapcthread_s (dissect.cobaltstrike.c2profile.ExecuteOptionsBlock attribute)
null_terminated_bytes() (in module dissect.cobaltstrike.beacon)
null_terminated_str() (in module dissect.cobaltstrike.beacon)
O
oem_cp (dissect.cobaltstrike.c_c2.BeaconMetadata attribute)
offset (dissect.cobaltstrike.artifact.ArtifactKitPayload attribute)
output (dissect.cobaltstrike.c2.C2Data attribute)
P
p16 (in module dissect.cobaltstrike.utils)
p16be (in module dissect.cobaltstrike.utils)
p32 (in module dissect.cobaltstrike.utils)
p32be (in module dissect.cobaltstrike.utils)
p64 (in module dissect.cobaltstrike.utils)
p64be (in module dissect.cobaltstrike.utils)
p8 (in module dissect.cobaltstrike.utils)
pack() (in module dissect.cobaltstrike.utils)
pack_be (in module dissect.cobaltstrike.utils)
packet_to_record() (in module dissect.cobaltstrike.pcap)
PacketRecord (in module dissect.cobaltstrike.pcap)
pad() (in module dissect.cobaltstrike.c2)
parameter (dissect.cobaltstrike.c2profile.HttpOptionsBlock attribute)
params (dissect.cobaltstrike.c2.HttpRequest attribute)
parse_commandline_options() (in module dissect.cobaltstrike.client)
parse_execute_list() (in module dissect.cobaltstrike.beacon)
parse_gargle() (in module dissect.cobaltstrike.beacon)
parse_pivot_frame() (in module dissect.cobaltstrike.beacon)
parse_process_injection_transform_steps() (in module dissect.cobaltstrike.beacon)
parse_raw_http() (in module dissect.cobaltstrike.c2)
parse_recover_binary() (in module dissect.cobaltstrike.beacon)
parse_transform_binary() (in module dissect.cobaltstrike.beacon)
payload (dissect.cobaltstrike.artifact.ArtifactKitPayload attribute)
pe_compile_stamp (dissect.cobaltstrike.beacon.BeaconConfig attribute)
PE_DEF (in module dissect.cobaltstrike.pe)
pe_export_stamp (dissect.cobaltstrike.beacon.BeaconConfig attribute)
PE_EXPORT_STAMP_TO_VERSION (in module dissect.cobaltstrike.version)
pestruct (in module dissect.cobaltstrike.pe)
pid (dissect.cobaltstrike.c_c2.BeaconMetadata attribute)
port (dissect.cobaltstrike.beacon.BeaconConfig property)
(dissect.cobaltstrike.c_c2.BeaconMetadata attribute)
PostExBlock (class in dissect.cobaltstrike.c2profile)
print_settings() (dissect.cobaltstrike.client.HttpBeaconClient method)
PROCESS_NAMES (in module dissect.cobaltstrike.client)
ProcessInjectBlock (class in dissect.cobaltstrike.c2profile)
properties (dissect.cobaltstrike.c2profile.C2Profile property)
protocol (dissect.cobaltstrike.beacon.BeaconConfig property)
ProxyServer (in module dissect.cobaltstrike.beacon)
ptr_gmh (dissect.cobaltstrike.c_c2.BeaconMetadata attribute)
ptr_gpa (dissect.cobaltstrike.c_c2.BeaconMetadata attribute)
ptr_x64 (dissect.cobaltstrike.c_c2.BeaconMetadata attribute)
public_key (dissect.cobaltstrike.beacon.BeaconConfig property)
R
raise_for_signature() (dissect.cobaltstrike.c2.EncryptedPacket method)
random_computer_name() (in module dissect.cobaltstrike.client)
random_internal_ip() (in module dissect.cobaltstrike.client)
random_process_name() (in module dissect.cobaltstrike.client)
random_stager_uri() (in module dissect.cobaltstrike.utils)
random_username_name() (in module dissect.cobaltstrike.client)
random_windows_ver() (in module dissect.cobaltstrike.client)
raw_http_from_packet() (in module dissect.cobaltstrike.pcap)
raw_settings (dissect.cobaltstrike.beacon.BeaconConfig property)
raw_settings_by_index (dissect.cobaltstrike.beacon.BeaconConfig property)
read() (dissect.cobaltstrike.xordecode.XorEncodedFile method)
read_nonce() (dissect.cobaltstrike.xordecode.XorEncodedFile method)
reason (dissect.cobaltstrike.c2.HttpResponse attribute)
recover() (dissect.cobaltstrike.c2.HttpDataTransform method)
REGEX_VERSION (dissect.cobaltstrike.version.BeaconVersion attribute)
register_task() (dissect.cobaltstrike.client.HttpBeaconClient method)
request (dissect.cobaltstrike.c2.HttpResponse attribute)
retain_file_offset() (in module dissect.cobaltstrike.utils)
rtlcreateuserthread (dissect.cobaltstrike.c2profile.ExecuteOptionsBlock attribute)
run() (dissect.cobaltstrike.client.HttpBeaconClient method)
S
seek() (dissect.cobaltstrike.xordecode.XorEncodedFile method)
send_callback() (dissect.cobaltstrike.client.HttpBeaconClient method)
ServerC2Data (class in dissect.cobaltstrike.c2)
set_config_block() (dissect.cobaltstrike.c2profile.ConfigBlock method)
set_non_empty_config_block() (dissect.cobaltstrike.c2profile.ConfigBlock method)
set_option() (dissect.cobaltstrike.c2profile.C2Profile method)
(dissect.cobaltstrike.c2profile.ConfigBlock method)
setthreadcontext (dissect.cobaltstrike.c2profile.ExecuteOptionsBlock attribute)
Setting (in module dissect.cobaltstrike.beacon)
setting_enums (dissect.cobaltstrike.beacon.BeaconConfig property)
SETTING_TO_PRETTYFUNC (in module dissect.cobaltstrike.beacon)
settings (dissect.cobaltstrike.beacon.BeaconConfig property)
settings_by_index (dissect.cobaltstrike.beacon.BeaconConfig property)
settings_map() (dissect.cobaltstrike.beacon.BeaconConfig method)
settings_tuple (dissect.cobaltstrike.beacon.BeaconConfig attribute)
SettingsType (in module dissect.cobaltstrike.beacon)
sha256sum_pubkey() (in module dissect.cobaltstrike.beacon)
signature (dissect.cobaltstrike.c2.EncryptedPacket attribute)
size (dissect.cobaltstrike.artifact.ArtifactKitPayload attribute)
(dissect.cobaltstrike.c_c2.BeaconMetadata attribute)
(dissect.cobaltstrike.c_c2.CallbackPacket attribute)
(dissect.cobaltstrike.c_c2.TaskPacket attribute)
sleeptime (dissect.cobaltstrike.beacon.BeaconConfig property)
StageBlock (class in dissect.cobaltstrike.c2profile)
StageTransformBlock (class in dissect.cobaltstrike.c2profile)
status (dissect.cobaltstrike.c2.HttpResponse attribute)
string_token_to_bytes() (in module dissect.cobaltstrike.c2profile)
StringIterator (class in dissect.cobaltstrike.c2profile)
strrep (dissect.cobaltstrike.c2profile.StageTransformBlock attribute)
submit_uri (dissect.cobaltstrike.beacon.BeaconConfig property)
T
TaskPacket (class in dissect.cobaltstrike.c_c2)
tell() (dissect.cobaltstrike.xordecode.XorEncodedFile method)
total_size (dissect.cobaltstrike.c_c2.TaskPacket attribute)
transform() (dissect.cobaltstrike.c2.HttpDataTransform method)
TransformStep (in module dissect.cobaltstrike.beacon)
(in module dissect.cobaltstrike.c2)
tree (dissect.cobaltstrike.c2profile.DataTransformBlock property)
tuple (dissect.cobaltstrike.version.BeaconVersion attribute)
typedef_for_enum() (in module dissect.cobaltstrike.c_c2)
U
u16 (in module dissect.cobaltstrike.utils)
u16be (in module dissect.cobaltstrike.utils)
u32 (in module dissect.cobaltstrike.utils)
u32be (in module dissect.cobaltstrike.utils)
u64 (in module dissect.cobaltstrike.utils)
u64be (in module dissect.cobaltstrike.utils)
u8 (in module dissect.cobaltstrike.utils)
unpack() (in module dissect.cobaltstrike.utils)
unpack_be (in module dissect.cobaltstrike.utils)
uri (dissect.cobaltstrike.c2.HttpRequest attribute)
uris (dissect.cobaltstrike.beacon.BeaconConfig property)
V
value_to_string() (in module dissect.cobaltstrike.c2profile)
ver_build (dissect.cobaltstrike.c_c2.BeaconMetadata attribute)
ver_major (dissect.cobaltstrike.c_c2.BeaconMetadata attribute)
ver_minor (dissect.cobaltstrike.c_c2.BeaconMetadata attribute)
version (dissect.cobaltstrike.beacon.BeaconConfig property)
(dissect.cobaltstrike.version.BeaconVersion attribute)
version_only (dissect.cobaltstrike.version.BeaconVersion property)
version_string (dissect.cobaltstrike.version.BeaconVersion property)
W
watermark (dissect.cobaltstrike.beacon.BeaconConfig property)
X
xor() (in module dissect.cobaltstrike.utils)
xorencoded (dissect.cobaltstrike.beacon.BeaconConfig attribute)
XorEncodedFile (class in dissect.cobaltstrike.xordecode)
xorkey (dissect.cobaltstrike.artifact.ArtifactKitPayload attribute)
(dissect.cobaltstrike.beacon.BeaconConfig attribute)