dissect.cobaltstrike
Index
_
__getitem__() (dissect.cobaltstrike.utils.LRUDict method)
__iter__() (dissect.cobaltstrike.c2profile.StringIterator method)
(dissect.cobaltstrike.pcap.BeaconCapture method)
__name__ (dissect.cobaltstrike.c2profile.BeaconGateBlock attribute)
(dissect.cobaltstrike.c2profile.C2Profile attribute)
(dissect.cobaltstrike.c2profile.ConfigBlock attribute)
(dissect.cobaltstrike.c2profile.DataTransformBlock attribute)
(dissect.cobaltstrike.c2profile.DnsBeaconBlock attribute)
(dissect.cobaltstrike.c2profile.ExecuteOptionsBlock attribute)
(dissect.cobaltstrike.c2profile.HttpBeaconBlock attribute)
(dissect.cobaltstrike.c2profile.HttpConfigBlock attribute)
(dissect.cobaltstrike.c2profile.HttpGetBlock attribute)
(dissect.cobaltstrike.c2profile.HttpOptionsBlock attribute)
(dissect.cobaltstrike.c2profile.HttpPostBlock attribute)
(dissect.cobaltstrike.c2profile.HttpStagerBlock attribute)
(dissect.cobaltstrike.c2profile.PostExBlock attribute)
(dissect.cobaltstrike.c2profile.ProcessInjectBlock attribute)
(dissect.cobaltstrike.c2profile.StageBlock attribute)
(dissect.cobaltstrike.c2profile.StageTransformBlock attribute)
__next__() (dissect.cobaltstrike.c2profile.StringIterator method)
__repr__() (dissect.cobaltstrike.beacon.BeaconConfig method)
(dissect.cobaltstrike.version.BeaconVersion method)
(dissect.cobaltstrike.xordecode.XorEncodedFile method)
__setitem__() (dissect.cobaltstrike.utils.LRUDict method)
__str__() (dissect.cobaltstrike.c2profile.C2Profile method)
(dissect.cobaltstrike.version.BeaconVersion method)
_beacon_loop() (dissect.cobaltstrike.client.HttpBeaconClient method)
_dict_cache (dissect.cobaltstrike.c2profile.C2Profile attribute)
_dict_hash (dissect.cobaltstrike.c2profile.C2Profile attribute)
_enable() (dissect.cobaltstrike.c2profile.ConfigBlock method)
_header() (dissect.cobaltstrike.c2profile.ConfigBlock method)
_initial_get_request() (dissect.cobaltstrike.client.HttpBeaconClient method)
_initial_post_request() (dissect.cobaltstrike.client.HttpBeaconClient method)
_pair() (dissect.cobaltstrike.c2profile.ConfigBlock method)
_parameter() (dissect.cobaltstrike.c2profile.ConfigBlock method)
_raw_settings (dissect.cobaltstrike.beacon.BeaconConfig attribute)
_raw_settings_by_index (dissect.cobaltstrike.beacon.BeaconConfig attribute)
_settings (dissect.cobaltstrike.beacon.BeaconConfig attribute)
_settings_by_index (dissect.cobaltstrike.beacon.BeaconConfig attribute)
A
add_step() (dissect.cobaltstrike.c2profile.DataTransformBlock method)
add_termination() (dissect.cobaltstrike.c2profile.DataTransformBlock method)
aes_key (dissect.cobaltstrike.c2.BeaconKeys attribute)
(dissect.cobaltstrike.c2.C2Http attribute)
(dissect.cobaltstrike.pcap.BeaconCapture attribute)
all (dissect.cobaltstrike.c2profile.BeaconGateBlock attribute)
all_metadata (dissect.cobaltstrike.pcap.BeaconCapture attribute)
architecture (dissect.cobaltstrike.beacon.BeaconConfig attribute)
ArtifactKitPayload (class in dissect.cobaltstrike.artifact)
as_dict() (dissect.cobaltstrike.c2profile.C2Profile method)
as_text() (dissect.cobaltstrike.c2profile.C2Profile method)
B
bconfig (dissect.cobaltstrike.c2.C2Http attribute)
(dissect.cobaltstrike.pcap.BeaconCapture attribute)
beacon_config_offset (dissect.cobaltstrike.guardrails.GuardrailMetadata attribute)
BEACON_CONFIG_PATCH_SIZE (in module dissect.cobaltstrike.guardrails)
beacon_gate_options_string() (in module dissect.cobaltstrike.beacon)
beacon_keys (dissect.cobaltstrike.c2.C2Http attribute)
beacon_xor_key (dissect.cobaltstrike.guardrails.GuardrailMetadata attribute)
BeaconCallback (class in dissect.cobaltstrike.c_c2)
BeaconCapture (class in dissect.cobaltstrike.pcap)
BeaconCommand (class in dissect.cobaltstrike.c_c2)
BeaconConfig (class in dissect.cobaltstrike.beacon)
BeaconGateBlock (class in dissect.cobaltstrike.c2profile)
BeaconGateOptions (in module dissect.cobaltstrike.beacon)
BeaconKeys (class in dissect.cobaltstrike.c2)
BeaconMetadata (in module dissect.cobaltstrike.c_c2)
BeaconProtocol (in module dissect.cobaltstrike.beacon)
BeaconSetting (in module dissect.cobaltstrike.beacon)
BeaconVersion (class in dissect.cobaltstrike.version)
body (dissect.cobaltstrike.c2.HttpRequest attribute)
(dissect.cobaltstrike.c2.HttpResponse attribute)
BofAllocator (in module dissect.cobaltstrike.beacon)
buffer (dissect.cobaltstrike.c2profile.StringIterator attribute)
build_parser() (in module dissect.cobaltstrike.beacon)
(in module dissect.cobaltstrike.c2profile)
(in module dissect.cobaltstrike.client)
C
C2_DEF (in module dissect.cobaltstrike.c_c2)
C2Data (class in dissect.cobaltstrike.c2)
C2Http (class in dissect.cobaltstrike.c2)
c2http (dissect.cobaltstrike.pcap.BeaconCapture attribute)
C2Packet (in module dissect.cobaltstrike.c2)
c2packet_to_record() (in module dissect.cobaltstrike.c2)
(in module dissect.cobaltstrike.pcap)
C2Profile (class in dissect.cobaltstrike.c2profile)
c2profile_parser (in module dissect.cobaltstrike.c2profile)
c2struct (in module dissect.cobaltstrike.c_c2)
c_guardrails (in module dissect.cobaltstrike.guardrails)
C_GUARDRAILS_DEF (in module dissect.cobaltstrike.guardrails)
CALLBACK_ACCEPT (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_CHUNK_ALLOCATE (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_CHUNK_SEND (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_CLOSE (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_CONNECT (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_DEAD (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_ERROR (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_FILE (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_FILE_CLOSE (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_FILE_WRITE (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_HASHDUMP (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_JOBS (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_KEYSTROKES (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_NETVIEW (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_OUTPUT (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_OUTPUT_OEM (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_OUTPUT_UTF8 (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_PENDING (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_PING (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_PIPE_CLOSE (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_PIPE_OPEN (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_PIPE_PING (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_PIPE_READ (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_PORTSCAN (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_POST_ERROR (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_POST_REPLAY_ERROR (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_PROCESS_LIST (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_PWD (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_READ (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_SCREENSHOT (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_SSH_STATUS (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_TOKEN_GETUID (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CALLBACK_TOKEN_STOLEN (dissect.cobaltstrike.c_c2.BeaconCallback attribute)
CallbackDebugMessage() (in module dissect.cobaltstrike.client)
CallbackError() (in module dissect.cobaltstrike.client)
CallbackOutputMessage() (in module dissect.cobaltstrike.client)
CallbackPacket (in module dissect.cobaltstrike.c_c2)
catch_all() (dissect.cobaltstrike.client.HttpBeaconClient method)
catch_sigpipe() (in module dissect.cobaltstrike.utils)
checksum (dissect.cobaltstrike.guardrails.GuardrailMetadata attribute)
checksum8() (in module dissect.cobaltstrike.utils)
ciphertext (dissect.cobaltstrike.c2.EncryptedPacket attribute)
cleanup (dissect.cobaltstrike.c2profile.BeaconGateBlock attribute)
ClientC2Data (class in dissect.cobaltstrike.c2)
closehandle (dissect.cobaltstrike.c2profile.BeaconGateBlock attribute)
COMMAND_ARGUE_ADD (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_ARGUE_LIST (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_ARGUE_REMOVE (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_BLOCKDLLS (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_CANCEL_DOWNLOAD (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_CD (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_CHECKIN (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_CLOSE (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_CONNECT (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_DIE (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_DLL_LOAD (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_DOWNLOAD (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_ELEVATE_POST (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_ELEVATE_PRE (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_EXECUTE (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_EXECUTE_JOB (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_FILE_COPY (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_FILE_DRIVES (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_FILE_LIST (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_FILE_MKDIR (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_FILE_MOVE (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_FILE_RM (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_GETPRIVS (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_INJECT_PID (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_INJECT_PID_PING (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_INJECT_PING (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_INJECT_POWERSHELLX64_PID (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_INJECT_POWERSHELLX86_PID (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_INJECTX64_PID (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_INJECTX64_PID_PING (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_INJECTX64_PING (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_INLINE_EXECUTE (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_INLINE_EXECUTE_OBJECT (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_JOB_KILL (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_JOB_REGISTER (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_JOB_REGISTER_IMPERSONATE (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_JOB_REGISTER_MSGMODE (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_JOB_SPAWN_TOKEN_X64 (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_JOB_SPAWN_TOKEN_X86 (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_JOB_SPAWN_X64 (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_JOB_SPAWN_X86 (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_JOBS (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_KEYLOG_START (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_KEYLOG_STOP (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_LISTEN (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_LOGINUSER (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_LSOCKET_BIND (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_LSOCKET_BIND_LOCALHOST (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_LSOCKET_CLOSE (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_LSOCKET_TCPPIVOT (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_NOOP (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_PAUSE (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_PIPE_CLOSE (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_PIPE_OPEN_EXPLICIT (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_PIPE_REOPEN (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_PIPE_ROUTE (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_PPID (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_PS_KILL (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_PS_LIST (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_PSH_HOST_TCP (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_PSH_IMPORT (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_PWD (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_REG_QUERY (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_RUN_INJECT_X64 (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_RUN_INJECT_X86 (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_RUN_UNDER_PID (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_RUNAS (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_SEND (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_SETENV (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_SHELL (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_SLEEP (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_SPAWN (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_SPAWN_POWERSHELLX64 (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_SPAWN_POWERSHELLX86 (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_SPAWN_PROC_X64 (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_SPAWN_PROC_X86 (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_SPAWN_TOKEN_X64 (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_SPAWN_TOKEN_X86 (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_SPAWNAS_X64 (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_SPAWNAS_X86 (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_SPAWNU_X64 (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_SPAWNU_X86 (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_SPAWNX64 (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_STAGE_PAYLOAD (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_STAGE_PAYLOAD_SMB (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_STEAL_TOKEN (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_TCP_CONNECT (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_TIMESTOMP (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_TOKEN_GETUID (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_TOKEN_REV2SELF (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_UPLOAD (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_UPLOAD_CONTINUE (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
COMMAND_WEBSERVER_LOCAL (dissect.cobaltstrike.c_c2.BeaconCommand attribute)
comms (dissect.cobaltstrike.c2profile.BeaconGateBlock attribute)
COMPUTERNAME_TEMPLATES (in module dissect.cobaltstrike.client)
config_block (dissect.cobaltstrike.beacon.BeaconConfig attribute)
ConfigBlock (class in dissect.cobaltstrike.c2profile)
core (dissect.cobaltstrike.c2profile.BeaconGateBlock attribute)
createfilemappinga (dissect.cobaltstrike.c2profile.BeaconGateBlock attribute)
createremotethread (dissect.cobaltstrike.c2profile.BeaconGateBlock attribute)
(dissect.cobaltstrike.c2profile.ExecuteOptionsBlock attribute)
createremotethread_special (dissect.cobaltstrike.c2profile.ExecuteOptionsBlock attribute)
createthread (dissect.cobaltstrike.c2profile.BeaconGateBlock attribute)
(dissect.cobaltstrike.c2profile.ExecuteOptionsBlock attribute)
createthread_special (dissect.cobaltstrike.c2profile.ExecuteOptionsBlock attribute)
CryptoScheme (in module dissect.cobaltstrike.beacon)
CS_DEF (in module dissect.cobaltstrike.beacon)
cs_struct (in module dissect.cobaltstrike.beacon)
D
DataTransformBlock (class in dissect.cobaltstrike.c2profile)
date (dissect.cobaltstrike.version.BeaconVersion attribute)
decrypt_data() (in module dissect.cobaltstrike.c2)
decrypt_metadata() (in module dissect.cobaltstrike.c2)
decrypt_packet() (in module dissect.cobaltstrike.c2)
DEFAULT_AES_IV (dissect.cobaltstrike.c2.BeaconKeys attribute)
DEFAULT_XOR_KEYS (in module dissect.cobaltstrike.beacon)
DeprecatedBeaconSetting (in module dissect.cobaltstrike.beacon)
derive_aes_hmac_keys() (in module dissect.cobaltstrike.c2)
dissect.cobaltstrike
module
dissect.cobaltstrike.artifact
module
dissect.cobaltstrike.beacon
module
dissect.cobaltstrike.c2
module
dissect.cobaltstrike.c2profile
module
dissect.cobaltstrike.c_c2
module
dissect.cobaltstrike.client
module
dissect.cobaltstrike.guardrails
module
dissect.cobaltstrike.pcap
module
dissect.cobaltstrike.pe
module
dissect.cobaltstrike.utils
module
dissect.cobaltstrike.version
module
dissect.cobaltstrike.xordecode
module
DnsBeaconBlock (class in dissect.cobaltstrike.c2profile)
domain_uri_pairs (dissect.cobaltstrike.beacon.BeaconConfig property)
domains (dissect.cobaltstrike.beacon.BeaconConfig property)
DOSHEADER_X64 (in module dissect.cobaltstrike.pe)
DOSHEADER_X86 (in module dissect.cobaltstrike.pe)
dumps() (dissect.cobaltstrike.c2.EncryptedPacket method)
duplicatehandle (dissect.cobaltstrike.c2profile.BeaconGateBlock attribute)
E
enable_reprlib_c2() (in module dissect.cobaltstrike.c2)
enable_reprlib_cstruct() (in module dissect.cobaltstrike.utils)
enable_reprlib_flow_record() (in module dissect.cobaltstrike.utils)
encrypt_data() (in module dissect.cobaltstrike.c2)
encrypt_metadata() (in module dissect.cobaltstrike.c2)
encrypt_packet() (in module dissect.cobaltstrike.c2)
EncryptedPacket (class in dissect.cobaltstrike.c2)
EOF_SHELLCODE_MARKER (dissect.cobaltstrike.xordecode.XorEncodedFile attribute)
ExecuteOptionsBlock (class in dissect.cobaltstrike.c2profile)
exitthread (dissect.cobaltstrike.c2profile.BeaconGateBlock attribute)
extract_beacons (dissect.cobaltstrike.pcap.BeaconCapture attribute)
F
fh (dissect.cobaltstrike.xordecode.XorEncodedFile attribute)
find_architecture() (in module dissect.cobaltstrike.pe)
find_beacon_config_bytes() (in module dissect.cobaltstrike.beacon)
find_compile_stamps() (in module dissect.cobaltstrike.pe)
find_magic_mz() (in module dissect.cobaltstrike.pe)
find_magic_pe() (in module dissect.cobaltstrike.pe)
find_mz_offset() (in module dissect.cobaltstrike.pe)
find_stage_prepend_append() (in module dissect.cobaltstrike.pe)
find_staged_beacon() (dissect.cobaltstrike.pcap.BeaconCapture method)
find_xor_key_candidates() (in module dissect.cobaltstrike.guardrails)
FIRST_NAMES (in module dissect.cobaltstrike.client)
from_aes_rand() (dissect.cobaltstrike.c2.BeaconKeys class method)
from_beacon_config() (dissect.cobaltstrike.c2profile.C2Profile class method)
from_beacon_gate_option_strings() (dissect.cobaltstrike.c2profile.BeaconGateBlock class method)
from_beacon_metadata() (dissect.cobaltstrike.c2.BeaconKeys class method)
from_bytes() (dissect.cobaltstrike.beacon.BeaconConfig class method)
from_execute_list() (dissect.cobaltstrike.c2profile.ExecuteOptionsBlock class method)
from_file() (dissect.cobaltstrike.beacon.BeaconConfig class method)
(dissect.cobaltstrike.xordecode.XorEncodedFile class method)
from_max_setting_enum() (dissect.cobaltstrike.version.BeaconVersion class method)
from_path() (dissect.cobaltstrike.beacon.BeaconConfig class method)
(dissect.cobaltstrike.c2profile.C2Profile class method)
(dissect.cobaltstrike.xordecode.XorEncodedFile class method)
from_pe_export_stamp() (dissect.cobaltstrike.version.BeaconVersion class method)
from_text() (dissect.cobaltstrike.c2profile.C2Profile class method)
G
get_handlers() (dissect.cobaltstrike.client.HttpBeaconClient method)
get_sleep_time() (dissect.cobaltstrike.client.HttpBeaconClient method)
get_task() (dissect.cobaltstrike.client.HttpBeaconClient method)
get_transform_for_http() (dissect.cobaltstrike.c2.C2Http method)
get_uris (dissect.cobaltstrike.c2.C2Http attribute)
get_verb (dissect.cobaltstrike.c2.C2Http attribute)
getthreadcontext (dissect.cobaltstrike.c2profile.BeaconGateBlock attribute)
grouper() (in module dissect.cobaltstrike.utils)
guard_config_offset (dissect.cobaltstrike.guardrails.GuardrailMetadata attribute)
GUARD_CONFIG_STARTS (in module dissect.cobaltstrike.guardrails)
GUARD_PATCH_SIZE (in module dissect.cobaltstrike.guardrails)
GuardOption (in module dissect.cobaltstrike.guardrails)
guardrail_xor_key (dissect.cobaltstrike.guardrails.GuardrailMetadata attribute)
GuardrailMetadata (class in dissect.cobaltstrike.guardrails)
guardrails (dissect.cobaltstrike.beacon.BeaconConfig attribute)
GuardrailSetting (in module dissect.cobaltstrike.guardrails)
H
handle() (dissect.cobaltstrike.client.HttpBeaconClient method)
has_next() (dissect.cobaltstrike.c2profile.StringIterator method)
header (dissect.cobaltstrike.c2profile.HttpConfigBlock attribute)
(dissect.cobaltstrike.c2profile.HttpOptionsBlock attribute)
headers (dissect.cobaltstrike.c2.HttpRequest attribute)
(dissect.cobaltstrike.c2.HttpResponse attribute)
hints (dissect.cobaltstrike.artifact.ArtifactKitPayload attribute)
hmac_key (dissect.cobaltstrike.c2.BeaconKeys attribute)
(dissect.cobaltstrike.c2.C2Http attribute)
(dissect.cobaltstrike.pcap.BeaconCapture attribute)
HttpBeaconBlock (class in dissect.cobaltstrike.c2profile)
HttpBeaconClient (class in dissect.cobaltstrike.client)
HttpConfigBlock (class in dissect.cobaltstrike.c2profile)
HttpDataTransform (class in dissect.cobaltstrike.c2)
HttpGetBlock (class in dissect.cobaltstrike.c2profile)
HttpOptionsBlock (class in dissect.cobaltstrike.c2profile)
HttpPostBlock (class in dissect.cobaltstrike.c2profile)
HttpRequest (class in dissect.cobaltstrike.c2)
HttpResponse (class in dissect.cobaltstrike.c2)
HttpStagerBlock (class in dissect.cobaltstrike.c2profile)
I
id (dissect.cobaltstrike.c2.C2Data attribute)
index (dissect.cobaltstrike.c2profile.StringIterator attribute)
init_kwargs() (dissect.cobaltstrike.c2profile.ConfigBlock method)
initial_nonce (dissect.cobaltstrike.xordecode.XorEncodedFile attribute)
InjectAllocator (in module dissect.cobaltstrike.beacon)
InjectExecutor (in module dissect.cobaltstrike.beacon)
internetconnecta (dissect.cobaltstrike.c2profile.BeaconGateBlock attribute)
internetopena (dissect.cobaltstrike.c2profile.BeaconGateBlock attribute)
is_stager_x64() (in module dissect.cobaltstrike.utils)
is_stager_x86() (in module dissect.cobaltstrike.utils)
is_trial (dissect.cobaltstrike.beacon.BeaconConfig property)
iter_artifactkit_payloads() (in module dissect.cobaltstrike.artifact)
iter_beacon_config_blocks() (in module dissect.cobaltstrike.beacon)
iter_encrypted_packets() (dissect.cobaltstrike.c2.ClientC2Data method)
(dissect.cobaltstrike.c2.ServerC2Data method)
iter_find_needle() (in module dissect.cobaltstrike.utils)
iter_guardrail_configs() (in module dissect.cobaltstrike.guardrails)
iter_guardrail_configs_with_beacon() (in module dissect.cobaltstrike.guardrails)
iter_nonce_offsets() (in module dissect.cobaltstrike.xordecode)
iter_parse_pcap() (dissect.cobaltstrike.pcap.BeaconCapture method)
iter_recover_http() (dissect.cobaltstrike.c2.C2Http method)
iter_settings() (in module dissect.cobaltstrike.beacon)
iv (dissect.cobaltstrike.c2.BeaconKeys attribute)
J
jitter (dissect.cobaltstrike.beacon.BeaconConfig property)
K
killdate (dissect.cobaltstrike.beacon.BeaconConfig property)
L
LAST_NAMES (in module dissect.cobaltstrike.client)
log (in module dissect.cobaltstrike.guardrails)
log_task() (in module dissect.cobaltstrike.client)
logger (dissect.cobaltstrike.client.HttpBeaconClient attribute)
(in module dissect.cobaltstrike.artifact)
(in module dissect.cobaltstrike.beacon)
(in module dissect.cobaltstrike.c2)
(in module dissect.cobaltstrike.c2profile)
(in module dissect.cobaltstrike.client)
(in module dissect.cobaltstrike.pcap)
(in module dissect.cobaltstrike.pe)
(in module dissect.cobaltstrike.xordecode)
LRUDict (class in dissect.cobaltstrike.utils)
M
main() (in module dissect.cobaltstrike.artifact)
(in module dissect.cobaltstrike.beacon)
(in module dissect.cobaltstrike.c2profile)
(in module dissect.cobaltstrike.client)
(in module dissect.cobaltstrike.pcap)
(in module dissect.cobaltstrike.xordecode)
make_byte_list() (in module dissect.cobaltstrike.beacon)
mapviewoffile (dissect.cobaltstrike.c2profile.BeaconGateBlock attribute)
masked_beacon_config (dissect.cobaltstrike.guardrails.GuardrailMetadata attribute)
masked_guard_config (dissect.cobaltstrike.guardrails.GuardrailMetadata attribute)
MAX_ENUM_TO_VERSION (in module dissect.cobaltstrike.version)
max_setting_enum (dissect.cobaltstrike.beacon.BeaconConfig property)
maxsize (dissect.cobaltstrike.utils.LRUDict attribute)
metadata (dissect.cobaltstrike.c2.C2Data attribute)
metadata_cache (dissect.cobaltstrike.c2.C2Http attribute)
method (dissect.cobaltstrike.c2.HttpRequest attribute)
module
dissect.cobaltstrike
dissect.cobaltstrike.artifact
dissect.cobaltstrike.beacon
dissect.cobaltstrike.c2
dissect.cobaltstrike.c2profile
dissect.cobaltstrike.c_c2
dissect.cobaltstrike.client
dissect.cobaltstrike.guardrails
dissect.cobaltstrike.pcap
dissect.cobaltstrike.pe
dissect.cobaltstrike.utils
dissect.cobaltstrike.version
dissect.cobaltstrike.xordecode
N
namedtuple_reprlib_repr() (in module dissect.cobaltstrike.utils)
netbios_decode() (in module dissect.cobaltstrike.utils)
netbios_encode() (in module dissect.cobaltstrike.utils)
next() (dissect.cobaltstrike.c2profile.StringIterator method)
nonce_offset (dissect.cobaltstrike.xordecode.XorEncodedFile attribute)
nonced_filesize (dissect.cobaltstrike.xordecode.XorEncodedFile attribute)
none (dissect.cobaltstrike.c2profile.BeaconGateBlock attribute)
ntqueueapcthread (dissect.cobaltstrike.c2profile.ExecuteOptionsBlock attribute)
ntqueueapcthread_s (dissect.cobaltstrike.c2profile.ExecuteOptionsBlock attribute)
null_terminated_bytes() (in module dissect.cobaltstrike.beacon)
null_terminated_str() (in module dissect.cobaltstrike.beacon)
O
offset (dissect.cobaltstrike.artifact.ArtifactKitPayload attribute)
openprocess (dissect.cobaltstrike.c2profile.BeaconGateBlock attribute)
openthread (dissect.cobaltstrike.c2profile.BeaconGateBlock attribute)
output (dissect.cobaltstrike.c2.C2Data attribute)
P
p16 (in module dissect.cobaltstrike.utils)
p16be (in module dissect.cobaltstrike.utils)
p32 (in module dissect.cobaltstrike.utils)
p32be (in module dissect.cobaltstrike.utils)
p64 (in module dissect.cobaltstrike.utils)
p64be (in module dissect.cobaltstrike.utils)
p8 (in module dissect.cobaltstrike.utils)
pack() (in module dissect.cobaltstrike.utils)
pack_be (in module dissect.cobaltstrike.utils)
packet_number_to_request (dissect.cobaltstrike.pcap.BeaconCapture attribute)
packet_to_record() (in module dissect.cobaltstrike.pcap)
PacketRecord (in module dissect.cobaltstrike.pcap)
pad() (in module dissect.cobaltstrike.c2)
parameter (dissect.cobaltstrike.c2profile.HttpOptionsBlock attribute)
params (dissect.cobaltstrike.c2.HttpRequest attribute)
parse_beacon_gate() (in module dissect.cobaltstrike.beacon)
parse_commandline_options() (in module dissect.cobaltstrike.client)
parse_execute_list() (in module dissect.cobaltstrike.beacon)
parse_gargle() (in module dissect.cobaltstrike.beacon)
parse_pivot_frame() (in module dissect.cobaltstrike.beacon)
parse_process_injection_transform_steps() (in module dissect.cobaltstrike.beacon)
parse_raw_http() (in module dissect.cobaltstrike.c2)
parse_recover_binary() (in module dissect.cobaltstrike.beacon)
parse_transform_binary() (in module dissect.cobaltstrike.beacon)
payload (dissect.cobaltstrike.artifact.ArtifactKitPayload attribute)
payload_checksum() (in module dissect.cobaltstrike.guardrails)
payload_xor_key (dissect.cobaltstrike.guardrails.GuardrailMetadata attribute)
pcap (dissect.cobaltstrike.pcap.BeaconCapture attribute)
pe_compile_stamp (dissect.cobaltstrike.beacon.BeaconConfig attribute)
PE_DEF (in module dissect.cobaltstrike.pe)
pe_export_stamp (dissect.cobaltstrike.beacon.BeaconConfig attribute)
PE_EXPORT_STAMP_TO_VERSION (in module dissect.cobaltstrike.version)
pestruct (in module dissect.cobaltstrike.pe)
port (dissect.cobaltstrike.beacon.BeaconConfig property)
PostExBlock (class in dissect.cobaltstrike.c2profile)
print_settings() (dissect.cobaltstrike.client.HttpBeaconClient method)
priv (dissect.cobaltstrike.c2.C2Http attribute)
PROCESS_NAMES (in module dissect.cobaltstrike.client)
ProcessInjectBlock (class in dissect.cobaltstrike.c2profile)
properties (dissect.cobaltstrike.c2profile.C2Profile property)
protocol (dissect.cobaltstrike.beacon.BeaconConfig property)
ProxyServer (in module dissect.cobaltstrike.beacon)
pub (dissect.cobaltstrike.c2.C2Http attribute)
public_key (dissect.cobaltstrike.beacon.BeaconConfig property)
R
raise_for_signature() (dissect.cobaltstrike.c2.EncryptedPacket method)
random_computer_name() (in module dissect.cobaltstrike.client)
random_internal_ip() (in module dissect.cobaltstrike.client)
random_process_name() (in module dissect.cobaltstrike.client)
random_stager_uri() (in module dissect.cobaltstrike.utils)
random_username_name() (in module dissect.cobaltstrike.client)
random_windows_ver() (in module dissect.cobaltstrike.client)
raw_http_from_packet() (in module dissect.cobaltstrike.pcap)
raw_settings (dissect.cobaltstrike.beacon.BeaconConfig property)
raw_settings_by_index (dissect.cobaltstrike.beacon.BeaconConfig property)
read() (dissect.cobaltstrike.xordecode.XorEncodedFile method)
read_nonce() (dissect.cobaltstrike.xordecode.XorEncodedFile method)
readprocessmemory (dissect.cobaltstrike.c2profile.BeaconGateBlock attribute)
reason (dissect.cobaltstrike.c2.HttpResponse attribute)
recover() (dissect.cobaltstrike.c2.HttpDataTransform method)
REGEX_VERSION (dissect.cobaltstrike.version.BeaconVersion attribute)
register_task() (dissect.cobaltstrike.client.HttpBeaconClient method)
request (dissect.cobaltstrike.c2.HttpResponse attribute)
resumethread (dissect.cobaltstrike.c2profile.BeaconGateBlock attribute)
retain_file_offset() (in module dissect.cobaltstrike.utils)
rsa_private_key (dissect.cobaltstrike.pcap.BeaconCapture attribute)
rsteps (dissect.cobaltstrike.c2.HttpDataTransform attribute)
rtlcreateuserthread (dissect.cobaltstrike.c2profile.ExecuteOptionsBlock attribute)
run() (dissect.cobaltstrike.client.HttpBeaconClient method)
S
seek() (dissect.cobaltstrike.xordecode.XorEncodedFile method)
send_callback() (dissect.cobaltstrike.client.HttpBeaconClient method)
ServerC2Data (class in dissect.cobaltstrike.c2)
set_config_block() (dissect.cobaltstrike.c2profile.ConfigBlock method)
set_non_empty_config_block() (dissect.cobaltstrike.c2profile.ConfigBlock method)
set_option() (dissect.cobaltstrike.c2profile.C2Profile method)
(dissect.cobaltstrike.c2profile.ConfigBlock method)
setthreadcontext (dissect.cobaltstrike.c2profile.BeaconGateBlock attribute)
(dissect.cobaltstrike.c2profile.ExecuteOptionsBlock attribute)
Setting (in module dissect.cobaltstrike.beacon)
setting_enums (dissect.cobaltstrike.beacon.BeaconConfig property)
SETTING_TO_PRETTYFUNC (in module dissect.cobaltstrike.beacon)
settings (dissect.cobaltstrike.beacon.BeaconConfig property)
(dissect.cobaltstrike.guardrails.GuardrailMetadata attribute)
settings_by_index (dissect.cobaltstrike.beacon.BeaconConfig property)
settings_map() (dissect.cobaltstrike.beacon.BeaconConfig method)
settings_tuple (dissect.cobaltstrike.beacon.BeaconConfig attribute)
SettingsType (in module dissect.cobaltstrike.beacon)
sha256sum_pubkey() (in module dissect.cobaltstrike.beacon)
signature (dissect.cobaltstrike.c2.EncryptedPacket attribute)
size (dissect.cobaltstrike.artifact.ArtifactKitPayload attribute)
sleeptime (dissect.cobaltstrike.beacon.BeaconConfig property)
StageBlock (class in dissect.cobaltstrike.c2profile)
StageTransformBlock (class in dissect.cobaltstrike.c2profile)
status (dissect.cobaltstrike.c2.HttpResponse attribute)
steps (dissect.cobaltstrike.c2profile.DataTransformBlock attribute)
string_token_to_bytes() (in module dissect.cobaltstrike.c2profile)
StringIterator (class in dissect.cobaltstrike.c2profile)
strrep (dissect.cobaltstrike.c2profile.StageTransformBlock attribute)
submit_uri (dissect.cobaltstrike.beacon.BeaconConfig property)
(dissect.cobaltstrike.c2.C2Http attribute)
submit_verb (dissect.cobaltstrike.c2.C2Http attribute)
T
task_map (dissect.cobaltstrike.client.HttpBeaconClient attribute)
TaskPacket (in module dissect.cobaltstrike.c_c2)
tell() (dissect.cobaltstrike.xordecode.XorEncodedFile method)
termination (dissect.cobaltstrike.c2profile.DataTransformBlock attribute)
transform() (dissect.cobaltstrike.c2.HttpDataTransform method)
transform_get (dissect.cobaltstrike.c2.C2Http attribute)
transform_response (dissect.cobaltstrike.c2.C2Http attribute)
transform_submit (dissect.cobaltstrike.c2.C2Http attribute)
TransformStep (in module dissect.cobaltstrike.beacon)
(in module dissect.cobaltstrike.c2)
tree (dissect.cobaltstrike.c2profile.ConfigBlock attribute)
(dissect.cobaltstrike.c2profile.DataTransformBlock property)
tsteps (dissect.cobaltstrike.c2.HttpDataTransform attribute)
tuple (dissect.cobaltstrike.version.BeaconVersion attribute)
typedef_for_enum() (in module dissect.cobaltstrike.c_c2)
U
u16 (in module dissect.cobaltstrike.utils)
u16be (in module dissect.cobaltstrike.utils)
u32 (in module dissect.cobaltstrike.utils)
u32be (in module dissect.cobaltstrike.utils)
u64 (in module dissect.cobaltstrike.utils)
u64be (in module dissect.cobaltstrike.utils)
u8 (in module dissect.cobaltstrike.utils)
unmapviewoffile (dissect.cobaltstrike.c2profile.BeaconGateBlock attribute)
unmasked_beacon_config (dissect.cobaltstrike.guardrails.GuardrailMetadata attribute)
unmasked_guard_config (dissect.cobaltstrike.guardrails.GuardrailMetadata attribute)
unpack() (in module dissect.cobaltstrike.utils)
unpack_be (in module dissect.cobaltstrike.utils)
uri (dissect.cobaltstrike.c2.HttpRequest attribute)
uris (dissect.cobaltstrike.beacon.BeaconConfig property)
V
value_to_string() (in module dissect.cobaltstrike.c2profile)
verify_hmac (dissect.cobaltstrike.c2.C2Http attribute)
(dissect.cobaltstrike.pcap.BeaconCapture attribute)
version (dissect.cobaltstrike.beacon.BeaconConfig property)
(dissect.cobaltstrike.version.BeaconVersion attribute)
version_only (dissect.cobaltstrike.version.BeaconVersion property)
version_string (dissect.cobaltstrike.version.BeaconVersion property)
virtualalloc (dissect.cobaltstrike.c2profile.BeaconGateBlock attribute)
virtualallocex (dissect.cobaltstrike.c2profile.BeaconGateBlock attribute)
virtualfree (dissect.cobaltstrike.c2profile.BeaconGateBlock attribute)
virtualprotect (dissect.cobaltstrike.c2profile.BeaconGateBlock attribute)
virtualprotextex (dissect.cobaltstrike.c2profile.BeaconGateBlock attribute)
virtualquery (dissect.cobaltstrike.c2profile.BeaconGateBlock attribute)
W
watermark (dissect.cobaltstrike.beacon.BeaconConfig property)
writeprocessmemory (dissect.cobaltstrike.c2profile.BeaconGateBlock attribute)
X
xor() (in module dissect.cobaltstrike.utils)
xorencoded (dissect.cobaltstrike.beacon.BeaconConfig attribute)
XorEncodedFile (class in dissect.cobaltstrike.xordecode)
xorkey (dissect.cobaltstrike.artifact.ArtifactKitPayload attribute)
(dissect.cobaltstrike.beacon.BeaconConfig attribute)