Just released a new @OutflankNL Cobalt Strike BOF project which uses direct system calls to enumerate processes for specific loaded modules or process handles. E.g. to find open handles to LSASS or processes with CLR loaded for execute-assembly spawnto. github.com/outflanknl/FindOb…
RedELK v2 BETA 3 release is out!
Aka the one you all have been waiting for, because it uses Docker for easy installation!
Get it while it's hot at: github.com/outflanknl/RedELK
Many thanks to @fastlorenzo and @xychix for their work
To my peers: keep doing what you're doing. I'm proud of you. I'm proud to work with you. And I know the impact we've had and continue to have. It's not always appreciated, not always well communicated, but we're moving the needle too.
Long time in the making, but it's finally here:
RedELK Version 2 - beta release 1
Go get it here: codeload.github.com/outflank…
Some features:
> Support for other C2s
> Integrated BloodHound
> Integrated Jupyter Notebooks
> Integrated MITRE ATT&CK viewer
> Lots of new dashboards
RedELK now also has better MITRE ATT&CK integration. When you use Cobalt Strike, the TTPs are recorded. RedELK picks these up and gathers this (nothing new). But now these are also put on a dashboard.
If you are not paying attention to the maindev branch of RedELK you are missing out!
Here is a sneak peek of just a few of the new things.
First things first, the logo still rocks hard in being awful :-) But now it is in SVG so integrates great in the new stack.