dissect.cobaltstrike
v0.2.2
Index
_
__iter__() (dissect.cobaltstrike.c2profile.StringIterator method)
__name__ (dissect.cobaltstrike.c2profile.C2Profile attribute)
(dissect.cobaltstrike.c2profile.ConfigBlock attribute)
(dissect.cobaltstrike.c2profile.DataTransformBlock attribute)
(dissect.cobaltstrike.c2profile.DnsBeaconBlock attribute)
(dissect.cobaltstrike.c2profile.ExecuteOptionsBlock attribute)
(dissect.cobaltstrike.c2profile.HttpConfigBlock attribute)
(dissect.cobaltstrike.c2profile.HttpGetBlock attribute)
(dissect.cobaltstrike.c2profile.HttpOptionsBlock attribute)
(dissect.cobaltstrike.c2profile.HttpPostBlock attribute)
(dissect.cobaltstrike.c2profile.HttpStagerBlock attribute)
(dissect.cobaltstrike.c2profile.PostExBlock attribute)
(dissect.cobaltstrike.c2profile.ProcessInjectBlock attribute)
(dissect.cobaltstrike.c2profile.StageBlock attribute)
(dissect.cobaltstrike.c2profile.StageTransformBlock attribute)
__next__() (dissect.cobaltstrike.c2profile.StringIterator method)
__repr__() (dissect.cobaltstrike.beacon.BeaconConfig method)
(dissect.cobaltstrike.version.BeaconVersion method)
(dissect.cobaltstrike.xordecode.XorEncodedFile method)
__str__() (dissect.cobaltstrike.c2profile.C2Profile method)
(dissect.cobaltstrike.version.BeaconVersion method)
_enable() (dissect.cobaltstrike.c2profile.ConfigBlock method)
_header() (dissect.cobaltstrike.c2profile.ConfigBlock method)
_pair() (dissect.cobaltstrike.c2profile.ConfigBlock method)
_parameter() (dissect.cobaltstrike.c2profile.ConfigBlock method)
A
add_step() (dissect.cobaltstrike.c2profile.DataTransformBlock method)
add_termination() (dissect.cobaltstrike.c2profile.DataTransformBlock method)
architecture (dissect.cobaltstrike.beacon.BeaconConfig attribute)
as_dict() (dissect.cobaltstrike.c2profile.C2Profile method)
as_text() (dissect.cobaltstrike.c2profile.C2Profile method)
B
BeaconConfig (class in dissect.cobaltstrike.beacon)
BeaconProtocol (in module dissect.cobaltstrike.beacon)
BeaconSetting (in module dissect.cobaltstrike.beacon)
BeaconVersion (class in dissect.cobaltstrike.version)
build_parser() (in module dissect.cobaltstrike.beacon)
(in module dissect.cobaltstrike.c2profile)
(in module dissect.cobaltstrike.xordecode)
C
C2Profile (class in dissect.cobaltstrike.c2profile)
c2profile_parser (in module dissect.cobaltstrike.c2profile)
catch_sigpipe() (in module dissect.cobaltstrike.utils)
checksum8() (in module dissect.cobaltstrike.utils)
config_block (dissect.cobaltstrike.beacon.BeaconConfig attribute)
ConfigBlock (class in dissect.cobaltstrike.c2profile)
createremotethread (dissect.cobaltstrike.c2profile.ExecuteOptionsBlock attribute)
createremotethread_special (dissect.cobaltstrike.c2profile.ExecuteOptionsBlock attribute)
createthread (dissect.cobaltstrike.c2profile.ExecuteOptionsBlock attribute)
createthread_special (dissect.cobaltstrike.c2profile.ExecuteOptionsBlock attribute)
CryptoScheme (in module dissect.cobaltstrike.beacon)
CS_DEF (in module dissect.cobaltstrike.beacon)
cs_struct (in module dissect.cobaltstrike.beacon)
D
DataTransformBlock (class in dissect.cobaltstrike.c2profile)
date (dissect.cobaltstrike.version.BeaconVersion attribute)
DEFAULT_XOR_KEYS (in module dissect.cobaltstrike.beacon)
DeprecatedBeaconSetting (in module dissect.cobaltstrike.beacon)
dissect.cobaltstrike
module
dissect.cobaltstrike.beacon
module
dissect.cobaltstrike.c2profile
module
dissect.cobaltstrike.pe
module
dissect.cobaltstrike.utils
module
dissect.cobaltstrike.version
module
dissect.cobaltstrike.xordecode
module
DnsBeaconBlock (class in dissect.cobaltstrike.c2profile)
domain_uri_pairs (dissect.cobaltstrike.beacon.BeaconConfig property)
domains (dissect.cobaltstrike.beacon.BeaconConfig property)
DOSHEADER_X64 (in module dissect.cobaltstrike.pe)
DOSHEADER_X86 (in module dissect.cobaltstrike.pe)
E
EOF_SHELLCODE_MARKER (dissect.cobaltstrike.xordecode.XorEncodedFile attribute)
ExecuteOptionsBlock (class in dissect.cobaltstrike.c2profile)
F
find_architecture() (in module dissect.cobaltstrike.pe)
find_beacon_config_bytes() (in module dissect.cobaltstrike.beacon)
find_compile_stamps() (in module dissect.cobaltstrike.pe)
find_magic_mz() (in module dissect.cobaltstrike.pe)
find_magic_pe() (in module dissect.cobaltstrike.pe)
find_mz_offset() (in module dissect.cobaltstrike.pe)
find_stage_prepend_append() (in module dissect.cobaltstrike.pe)
from_beacon_config() (dissect.cobaltstrike.c2profile.C2Profile class method)
from_bytes() (dissect.cobaltstrike.beacon.BeaconConfig class method)
from_execute_list() (dissect.cobaltstrike.c2profile.ExecuteOptionsBlock class method)
from_file() (dissect.cobaltstrike.beacon.BeaconConfig class method)
(dissect.cobaltstrike.xordecode.XorEncodedFile class method)
from_max_setting_enum() (dissect.cobaltstrike.version.BeaconVersion class method)
from_path() (dissect.cobaltstrike.beacon.BeaconConfig class method)
(dissect.cobaltstrike.c2profile.C2Profile class method)
(dissect.cobaltstrike.xordecode.XorEncodedFile class method)
from_pe_export_stamp() (dissect.cobaltstrike.version.BeaconVersion class method)
from_text() (dissect.cobaltstrike.c2profile.C2Profile class method)
G
grouper() (in module dissect.cobaltstrike.beacon)
H
has_next() (dissect.cobaltstrike.c2profile.StringIterator method)
header (dissect.cobaltstrike.c2profile.HttpConfigBlock attribute)
(dissect.cobaltstrike.c2profile.HttpOptionsBlock attribute)
HttpConfigBlock (class in dissect.cobaltstrike.c2profile)
HttpGetBlock (class in dissect.cobaltstrike.c2profile)
HttpOptionsBlock (class in dissect.cobaltstrike.c2profile)
HttpPostBlock (class in dissect.cobaltstrike.c2profile)
HttpStagerBlock (class in dissect.cobaltstrike.c2profile)
I
init_kwargs() (dissect.cobaltstrike.c2profile.ConfigBlock method)
InjectAllocator (in module dissect.cobaltstrike.beacon)
InjectExecutor (in module dissect.cobaltstrike.beacon)
is_stager_x64() (in module dissect.cobaltstrike.utils)
is_stager_x86() (in module dissect.cobaltstrike.utils)
is_trial (dissect.cobaltstrike.beacon.BeaconConfig property)
iter_beacon_config_blocks() (in module dissect.cobaltstrike.beacon)
iter_find_needle() (in module dissect.cobaltstrike.utils)
iter_nonce_offsets() (in module dissect.cobaltstrike.xordecode)
iter_settings() (in module dissect.cobaltstrike.beacon)
K
killdate (dissect.cobaltstrike.beacon.BeaconConfig property)
L
logger (in module dissect.cobaltstrike.beacon)
(in module dissect.cobaltstrike.c2profile)
(in module dissect.cobaltstrike.pe)
(in module dissect.cobaltstrike.xordecode)
M
main() (in module dissect.cobaltstrike.beacon)
(in module dissect.cobaltstrike.c2profile)
(in module dissect.cobaltstrike.xordecode)
make_byte_list() (in module dissect.cobaltstrike.beacon)
MAX_ENUM_TO_VERSION (in module dissect.cobaltstrike.version)
max_setting_enum (dissect.cobaltstrike.beacon.BeaconConfig property)
module
dissect.cobaltstrike
dissect.cobaltstrike.beacon
dissect.cobaltstrike.c2profile
dissect.cobaltstrike.pe
dissect.cobaltstrike.utils
dissect.cobaltstrike.version
dissect.cobaltstrike.xordecode
N
next() (dissect.cobaltstrike.c2profile.StringIterator method)
ntqueueapcthread (dissect.cobaltstrike.c2profile.ExecuteOptionsBlock attribute)
ntqueueapcthread_s (dissect.cobaltstrike.c2profile.ExecuteOptionsBlock attribute)
null_terminated_bytes() (in module dissect.cobaltstrike.beacon)
null_terminated_str() (in module dissect.cobaltstrike.beacon)
P
p16 (in module dissect.cobaltstrike.utils)
p16be (in module dissect.cobaltstrike.utils)
p32 (in module dissect.cobaltstrike.utils)
p32be (in module dissect.cobaltstrike.utils)
p64 (in module dissect.cobaltstrike.utils)
p64be (in module dissect.cobaltstrike.utils)
p8 (in module dissect.cobaltstrike.utils)
pack() (in module dissect.cobaltstrike.utils)
pack_be (in module dissect.cobaltstrike.utils)
parameter (dissect.cobaltstrike.c2profile.HttpOptionsBlock attribute)
parse_execute_list() (in module dissect.cobaltstrike.beacon)
parse_gargle() (in module dissect.cobaltstrike.beacon)
parse_pivot_frame() (in module dissect.cobaltstrike.beacon)
parse_process_injection_transform_steps() (in module dissect.cobaltstrike.beacon)
parse_recover_binary() (in module dissect.cobaltstrike.beacon)
parse_transform_binary() (in module dissect.cobaltstrike.beacon)
pe_compile_stamp (dissect.cobaltstrike.beacon.BeaconConfig attribute)
PE_DEF (in module dissect.cobaltstrike.pe)
pe_export_stamp (dissect.cobaltstrike.beacon.BeaconConfig attribute)
PE_EXPORT_STAMP_TO_VERSION (in module dissect.cobaltstrike.version)
pestruct (in module dissect.cobaltstrike.pe)
PostExBlock (class in dissect.cobaltstrike.c2profile)
ProcessInjectBlock (class in dissect.cobaltstrike.c2profile)
properties (dissect.cobaltstrike.c2profile.C2Profile property)
protocol (dissect.cobaltstrike.beacon.BeaconConfig property)
ProxyServer (in module dissect.cobaltstrike.beacon)
R
random_stager_uri() (in module dissect.cobaltstrike.utils)
raw_settings (dissect.cobaltstrike.beacon.BeaconConfig property)
raw_settings_by_index (dissect.cobaltstrike.beacon.BeaconConfig property)
read() (dissect.cobaltstrike.xordecode.XorEncodedFile method)
read_nonce() (dissect.cobaltstrike.xordecode.XorEncodedFile method)
REGEX_VERSION (dissect.cobaltstrike.version.BeaconVersion attribute)
retain_file_offset() (in module dissect.cobaltstrike.utils)
rtlcreateuserthread (dissect.cobaltstrike.c2profile.ExecuteOptionsBlock attribute)
S
seek() (dissect.cobaltstrike.xordecode.XorEncodedFile method)
set_config_block() (dissect.cobaltstrike.c2profile.ConfigBlock method)
set_non_empty_config_block() (dissect.cobaltstrike.c2profile.ConfigBlock method)
set_option() (dissect.cobaltstrike.c2profile.C2Profile method)
(dissect.cobaltstrike.c2profile.ConfigBlock method)
setthreadcontext (dissect.cobaltstrike.c2profile.ExecuteOptionsBlock attribute)
Setting (in module dissect.cobaltstrike.beacon)
setting_enums (dissect.cobaltstrike.beacon.BeaconConfig property)
SETTING_TO_PRETTYFUNC (in module dissect.cobaltstrike.beacon)
settings (dissect.cobaltstrike.beacon.BeaconConfig property)
settings_by_index (dissect.cobaltstrike.beacon.BeaconConfig property)
settings_map() (dissect.cobaltstrike.beacon.BeaconConfig method)
settings_tuple (dissect.cobaltstrike.beacon.BeaconConfig attribute)
SettingsType (in module dissect.cobaltstrike.beacon)
sha256sum_pubkey() (in module dissect.cobaltstrike.beacon)
StageBlock (class in dissect.cobaltstrike.c2profile)
StageTransformBlock (class in dissect.cobaltstrike.c2profile)
string_token_to_bytes() (in module dissect.cobaltstrike.c2profile)
StringIterator (class in dissect.cobaltstrike.c2profile)
strrep (dissect.cobaltstrike.c2profile.StageTransformBlock attribute)
T
tell() (dissect.cobaltstrike.xordecode.XorEncodedFile method)
TransformStep (in module dissect.cobaltstrike.beacon)
tree (dissect.cobaltstrike.c2profile.DataTransformBlock property)
tuple (dissect.cobaltstrike.version.BeaconVersion attribute)
U
u16 (in module dissect.cobaltstrike.utils)
u16be (in module dissect.cobaltstrike.utils)
u32 (in module dissect.cobaltstrike.utils)
u32be (in module dissect.cobaltstrike.utils)
u64 (in module dissect.cobaltstrike.utils)
u64be (in module dissect.cobaltstrike.utils)
u8 (in module dissect.cobaltstrike.utils)
unpack() (in module dissect.cobaltstrike.utils)
unpack_be (in module dissect.cobaltstrike.utils)
uris (dissect.cobaltstrike.beacon.BeaconConfig property)
V
value_to_string() (in module dissect.cobaltstrike.c2profile)
version (dissect.cobaltstrike.beacon.BeaconConfig property)
(dissect.cobaltstrike.version.BeaconVersion attribute)
version_only (dissect.cobaltstrike.version.BeaconVersion property)
version_string (dissect.cobaltstrike.version.BeaconVersion property)
W
watermark (dissect.cobaltstrike.beacon.BeaconConfig property)
X
xor() (in module dissect.cobaltstrike.utils)
xorencoded (dissect.cobaltstrike.beacon.BeaconConfig attribute)
XorEncodedFile (class in dissect.cobaltstrike.xordecode)
xorkey (dissect.cobaltstrike.beacon.BeaconConfig attribute)