dissect.cobaltstrike
v0.2.0
Index
_
__iter__() (dissect.cobaltstrike.c2profile.StringIterator method)
__name__ (dissect.cobaltstrike.c2profile.C2Profile attribute)
(dissect.cobaltstrike.c2profile.ConfigBlock attribute)
(dissect.cobaltstrike.c2profile.DataTransformBlock attribute)
(dissect.cobaltstrike.c2profile.DnsBeaconBlock attribute)
(dissect.cobaltstrike.c2profile.ExecuteOptionsBlock attribute)
(dissect.cobaltstrike.c2profile.HttpConfigBlock attribute)
(dissect.cobaltstrike.c2profile.HttpGetBlock attribute)
(dissect.cobaltstrike.c2profile.HttpOptionsBlock attribute)
(dissect.cobaltstrike.c2profile.HttpPostBlock attribute)
(dissect.cobaltstrike.c2profile.HttpStagerBlock attribute)
(dissect.cobaltstrike.c2profile.PostExBlock attribute)
(dissect.cobaltstrike.c2profile.ProcessInjectBlock attribute)
(dissect.cobaltstrike.c2profile.StageBlock attribute)
(dissect.cobaltstrike.c2profile.StageTransformBlock attribute)
__next__() (dissect.cobaltstrike.c2profile.StringIterator method)
__repr__() (dissect.cobaltstrike.beacon.BeaconConfig method)
(dissect.cobaltstrike.version.BeaconVersion method)
(dissect.cobaltstrike.xordecode.XorEncodedFile method)
__str__() (dissect.cobaltstrike.c2profile.C2Profile method)
(dissect.cobaltstrike.version.BeaconVersion method)
_enable() (dissect.cobaltstrike.c2profile.ConfigBlock method)
_header() (dissect.cobaltstrike.c2profile.ConfigBlock method)
_pair() (dissect.cobaltstrike.c2profile.ConfigBlock method)
_parameter() (dissect.cobaltstrike.c2profile.ConfigBlock method)
A
add_step() (dissect.cobaltstrike.c2profile.DataTransformBlock method)
add_termination() (dissect.cobaltstrike.c2profile.DataTransformBlock method)
architecture (dissect.cobaltstrike.beacon.BeaconConfig attribute)
as_dict() (dissect.cobaltstrike.c2profile.C2Profile method)
as_text() (dissect.cobaltstrike.c2profile.C2Profile method)
B
BeaconConfig (class in dissect.cobaltstrike.beacon)
BeaconProtocol (in module dissect.cobaltstrike.beacon)
BeaconSetting (in module dissect.cobaltstrike.beacon)
BeaconVersion (class in dissect.cobaltstrike.version)
build_parser() (in module dissect.cobaltstrike.beacon)
(in module dissect.cobaltstrike.c2profile)
(in module dissect.cobaltstrike.xordecode)
C
C2Profile (class in dissect.cobaltstrike.c2profile)
c2profile_parser (in module dissect.cobaltstrike.c2profile)
catch_sigpipe() (in module dissect.cobaltstrike.utils)
checksum8() (in module dissect.cobaltstrike.utils)
config_block (dissect.cobaltstrike.beacon.BeaconConfig attribute)
ConfigBlock (class in dissect.cobaltstrike.c2profile)
createremotethread (dissect.cobaltstrike.c2profile.ExecuteOptionsBlock attribute)
createremotethread_special (dissect.cobaltstrike.c2profile.ExecuteOptionsBlock attribute)
createthread (dissect.cobaltstrike.c2profile.ExecuteOptionsBlock attribute)
createthread_special (dissect.cobaltstrike.c2profile.ExecuteOptionsBlock attribute)
CryptoScheme (in module dissect.cobaltstrike.beacon)
CS_DEF (in module dissect.cobaltstrike.beacon)
cs_struct (in module dissect.cobaltstrike.beacon)
D
DataTransformBlock (class in dissect.cobaltstrike.c2profile)
date (dissect.cobaltstrike.version.BeaconVersion attribute)
DEFAULT_XOR_KEYS (in module dissect.cobaltstrike.beacon)
DeprecatedBeaconSetting (in module dissect.cobaltstrike.beacon)
dissect.cobaltstrike
module
dissect.cobaltstrike.beacon
module
dissect.cobaltstrike.c2profile
module
dissect.cobaltstrike.pe
module
dissect.cobaltstrike.utils
module
dissect.cobaltstrike.version
module
dissect.cobaltstrike.xordecode
module
DnsBeaconBlock (class in dissect.cobaltstrike.c2profile)
domain_uri_pairs (dissect.cobaltstrike.beacon.BeaconConfig property)
domains (dissect.cobaltstrike.beacon.BeaconConfig property)
DOSHEADER_X64 (in module dissect.cobaltstrike.pe)
DOSHEADER_X86 (in module dissect.cobaltstrike.pe)
E
EOF_SHELLCODE_MARKER (dissect.cobaltstrike.xordecode.XorEncodedFile attribute)
ExecuteOptionsBlock (class in dissect.cobaltstrike.c2profile)
F
find_architecture() (in module dissect.cobaltstrike.pe)
find_beacon_config_bytes() (in module dissect.cobaltstrike.beacon)
find_compile_stamps() (in module dissect.cobaltstrike.pe)
find_magic_mz() (in module dissect.cobaltstrike.pe)
find_magic_pe() (in module dissect.cobaltstrike.pe)
find_mz_offset() (in module dissect.cobaltstrike.pe)
find_stage_prepend_append() (in module dissect.cobaltstrike.pe)
from_beacon_config() (dissect.cobaltstrike.c2profile.C2Profile class method)
from_bytes() (dissect.cobaltstrike.beacon.BeaconConfig class method)
from_execute_list() (dissect.cobaltstrike.c2profile.ExecuteOptionsBlock class method)
from_file() (dissect.cobaltstrike.beacon.BeaconConfig class method)
(dissect.cobaltstrike.xordecode.XorEncodedFile class method)
from_max_setting_enum() (dissect.cobaltstrike.version.BeaconVersion class method)
from_path() (dissect.cobaltstrike.beacon.BeaconConfig class method)
(dissect.cobaltstrike.c2profile.C2Profile class method)
(dissect.cobaltstrike.xordecode.XorEncodedFile class method)
from_pe_export_stamp() (dissect.cobaltstrike.version.BeaconVersion class method)
from_text() (dissect.cobaltstrike.c2profile.C2Profile class method)
G
grouper() (in module dissect.cobaltstrike.beacon)
H
has_next() (dissect.cobaltstrike.c2profile.StringIterator method)
header (dissect.cobaltstrike.c2profile.HttpConfigBlock attribute)
(dissect.cobaltstrike.c2profile.HttpOptionsBlock attribute)
HttpConfigBlock (class in dissect.cobaltstrike.c2profile)
HttpGetBlock (class in dissect.cobaltstrike.c2profile)
HttpOptionsBlock (class in dissect.cobaltstrike.c2profile)
HttpPostBlock (class in dissect.cobaltstrike.c2profile)
HttpStagerBlock (class in dissect.cobaltstrike.c2profile)
I
init_kwargs() (dissect.cobaltstrike.c2profile.ConfigBlock method)
InjectAllocator (in module dissect.cobaltstrike.beacon)
InjectExecutor (in module dissect.cobaltstrike.beacon)
is_stager_x64() (in module dissect.cobaltstrike.utils)
is_stager_x86() (in module dissect.cobaltstrike.utils)
is_trial (dissect.cobaltstrike.beacon.BeaconConfig property)
iter_beacon_config_blocks() (in module dissect.cobaltstrike.beacon)
iter_find_needle() (in module dissect.cobaltstrike.utils)
iter_nonce_offsets() (in module dissect.cobaltstrike.xordecode)
iter_settings() (in module dissect.cobaltstrike.beacon)
K
killdate (dissect.cobaltstrike.beacon.BeaconConfig property)
L
logger (in module dissect.cobaltstrike.beacon)
(in module dissect.cobaltstrike.c2profile)
(in module dissect.cobaltstrike.pe)
(in module dissect.cobaltstrike.xordecode)
M
main() (in module dissect.cobaltstrike.beacon)
(in module dissect.cobaltstrike.c2profile)
(in module dissect.cobaltstrike.xordecode)
make_byte_list() (in module dissect.cobaltstrike.beacon)
MAX_ENUM_TO_VERSION (in module dissect.cobaltstrike.version)
max_setting_enum (dissect.cobaltstrike.beacon.BeaconConfig property)
module
dissect.cobaltstrike
dissect.cobaltstrike.beacon
dissect.cobaltstrike.c2profile
dissect.cobaltstrike.pe
dissect.cobaltstrike.utils
dissect.cobaltstrike.version
dissect.cobaltstrike.xordecode
N
next() (dissect.cobaltstrike.c2profile.StringIterator method)
ntqueueapcthread (dissect.cobaltstrike.c2profile.ExecuteOptionsBlock attribute)
ntqueueapcthread_s (dissect.cobaltstrike.c2profile.ExecuteOptionsBlock attribute)
null_terminated_bytes() (in module dissect.cobaltstrike.beacon)
null_terminated_str() (in module dissect.cobaltstrike.beacon)
P
p16 (in module dissect.cobaltstrike.utils)
p16be (in module dissect.cobaltstrike.utils)
p32 (in module dissect.cobaltstrike.utils)
p32be (in module dissect.cobaltstrike.utils)
p8 (in module dissect.cobaltstrike.utils)
pack() (in module dissect.cobaltstrike.utils)
pack_be (in module dissect.cobaltstrike.utils)
parameter (dissect.cobaltstrike.c2profile.HttpOptionsBlock attribute)
parse_execute_list() (in module dissect.cobaltstrike.beacon)
parse_gargle() (in module dissect.cobaltstrike.beacon)
parse_pivot_frame() (in module dissect.cobaltstrike.beacon)
parse_process_injection_transform_steps() (in module dissect.cobaltstrike.beacon)
parse_recover_binary() (in module dissect.cobaltstrike.beacon)
parse_transform_binary() (in module dissect.cobaltstrike.beacon)
pe_compile_stamp (dissect.cobaltstrike.beacon.BeaconConfig attribute)
PE_DEF (in module dissect.cobaltstrike.pe)
pe_export_stamp (dissect.cobaltstrike.beacon.BeaconConfig attribute)
PE_EXPORT_STAMP_TO_VERSION (in module dissect.cobaltstrike.version)
pestruct (in module dissect.cobaltstrike.pe)
PostExBlock (class in dissect.cobaltstrike.c2profile)
ProcessInjectBlock (class in dissect.cobaltstrike.c2profile)
properties (dissect.cobaltstrike.c2profile.C2Profile property)
protocol (dissect.cobaltstrike.beacon.BeaconConfig property)
ProxyServer (in module dissect.cobaltstrike.beacon)
R
random_stager_uri() (in module dissect.cobaltstrike.utils)
raw_settings (dissect.cobaltstrike.beacon.BeaconConfig property)
raw_settings_by_index (dissect.cobaltstrike.beacon.BeaconConfig property)
read() (dissect.cobaltstrike.xordecode.XorEncodedFile method)
read_nonce() (dissect.cobaltstrike.xordecode.XorEncodedFile method)
REGEX_VERSION (dissect.cobaltstrike.version.BeaconVersion attribute)
rtlcreateuserthread (dissect.cobaltstrike.c2profile.ExecuteOptionsBlock attribute)
S
seek() (dissect.cobaltstrike.xordecode.XorEncodedFile method)
set_config_block() (dissect.cobaltstrike.c2profile.ConfigBlock method)
set_option() (dissect.cobaltstrike.c2profile.C2Profile method)
(dissect.cobaltstrike.c2profile.ConfigBlock method)
setthreadcontext (dissect.cobaltstrike.c2profile.ExecuteOptionsBlock attribute)
Setting (in module dissect.cobaltstrike.beacon)
setting_enums (dissect.cobaltstrike.beacon.BeaconConfig property)
SETTING_TO_PRETTYFUNC (in module dissect.cobaltstrike.beacon)
settings (dissect.cobaltstrike.beacon.BeaconConfig property)
settings_by_index (dissect.cobaltstrike.beacon.BeaconConfig property)
settings_map() (dissect.cobaltstrike.beacon.BeaconConfig method)
settings_tuple (dissect.cobaltstrike.beacon.BeaconConfig attribute)
SettingsType (in module dissect.cobaltstrike.beacon)
sha256sum_pubkey() (in module dissect.cobaltstrike.beacon)
StageBlock (class in dissect.cobaltstrike.c2profile)
StageTransformBlock (class in dissect.cobaltstrike.c2profile)
string_token_to_bytes() (in module dissect.cobaltstrike.c2profile)
StringIterator (class in dissect.cobaltstrike.c2profile)
strrep (dissect.cobaltstrike.c2profile.StageTransformBlock attribute)
T
tell() (dissect.cobaltstrike.xordecode.XorEncodedFile method)
TransformStep (in module dissect.cobaltstrike.beacon)
tree (dissect.cobaltstrike.c2profile.DataTransformBlock property)
tuple (dissect.cobaltstrike.version.BeaconVersion attribute)
U
u16 (in module dissect.cobaltstrike.utils)
u16be (in module dissect.cobaltstrike.utils)
u32 (in module dissect.cobaltstrike.utils)
u32be (in module dissect.cobaltstrike.utils)
u8 (in module dissect.cobaltstrike.utils)
unpack() (in module dissect.cobaltstrike.utils)
unpack_be (in module dissect.cobaltstrike.utils)
uris (dissect.cobaltstrike.beacon.BeaconConfig property)
V
value_to_string() (in module dissect.cobaltstrike.c2profile)
version (dissect.cobaltstrike.beacon.BeaconConfig property)
(dissect.cobaltstrike.version.BeaconVersion attribute)
version_only (dissect.cobaltstrike.version.BeaconVersion property)
version_string (dissect.cobaltstrike.version.BeaconVersion property)
W
watermark (dissect.cobaltstrike.beacon.BeaconConfig property)
X
xor() (in module dissect.cobaltstrike.utils)
xorencoded (dissect.cobaltstrike.beacon.BeaconConfig attribute)
XorEncodedFile (class in dissect.cobaltstrike.xordecode)
xorkey (dissect.cobaltstrike.beacon.BeaconConfig attribute)