├── .gitattributes ├── .gitignore ├── CobaltStrikeDetect.sln ├── CobaltStrikeDetect.vcxproj ├── CobaltStrikeDetect.vcxproj.filters ├── README.md ├── dllmain.c ├── framework.h ├── pch.c ├── pch.h └── sdk ├── include ├── circbuf.h ├── circbuf_h.h ├── cpysave.h ├── dltmgr.h ├── dspick.h ├── emenu.h ├── fastlock.h ├── filestream.h ├── graph.h ├── guisup.h ├── hexedit.h ├── hndlinfo.h ├── kphapi.h ├── kphuser.h ├── lsasup.h ├── mapimg.h ├── mxml.h ├── ntdbg.h ├── ntexapi.h ├── ntgdi.h ├── ntioapi.h ├── ntkeapi.h ├── ntldr.h ├── ntlpcapi.h ├── ntmisc.h ├── ntmmapi.h ├── ntnls.h ├── ntobapi.h ├── ntpebteb.h ├── ntpfapi.h ├── ntpnpapi.h ├── ntpoapi.h ├── ntpsapi.h ├── ntregapi.h ├── ntrtl.h ├── ntsam.h ├── ntseapi.h ├── nttmapi.h ├── nttp.h ├── ntwow64.h ├── ntxcapi.h ├── ntzwapi.h ├── ph.h ├── phapppub.h ├── phappresource.h ├── phbase.h ├── phbasesup.h ├── phconfig.h ├── phdata.h ├── phdk.h ├── phnative.h ├── phnativeinl.h ├── phnet.h ├── phnt.h ├── phnt_ntdef.h ├── phnt_windows.h ├── phsup.h ├── phutil.h ├── provider.h ├── queuedlock.h ├── ref.h ├── secedit.h ├── subprocesstag.h ├── svcsup.h ├── symprv.h ├── templ.h ├── treenew.h ├── verify.h ├── winsta.h └── workqueue.h ├── lib ├── amd64 │ └── ProcessHacker.lib └── i386 │ └── ProcessHacker.lib ├── readme.txt └── samples └── SamplePlugin ├── SamplePlugin.sln ├── SamplePlugin.vcxproj ├── SamplePlugin.vcxproj.filters └── main.c /.gitattributes: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/.gitattributes -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/.gitignore -------------------------------------------------------------------------------- /CobaltStrikeDetect.sln: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/CobaltStrikeDetect.sln -------------------------------------------------------------------------------- /CobaltStrikeDetect.vcxproj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/CobaltStrikeDetect.vcxproj -------------------------------------------------------------------------------- /CobaltStrikeDetect.vcxproj.filters: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/CobaltStrikeDetect.vcxproj.filters -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/README.md -------------------------------------------------------------------------------- /dllmain.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/dllmain.c -------------------------------------------------------------------------------- /framework.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | 4 | -------------------------------------------------------------------------------- /pch.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/pch.c -------------------------------------------------------------------------------- /pch.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/pch.h -------------------------------------------------------------------------------- /sdk/include/circbuf.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/circbuf.h -------------------------------------------------------------------------------- /sdk/include/circbuf_h.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/circbuf_h.h -------------------------------------------------------------------------------- /sdk/include/cpysave.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/cpysave.h -------------------------------------------------------------------------------- /sdk/include/dltmgr.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/dltmgr.h -------------------------------------------------------------------------------- /sdk/include/dspick.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/dspick.h -------------------------------------------------------------------------------- /sdk/include/emenu.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/emenu.h -------------------------------------------------------------------------------- /sdk/include/fastlock.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/fastlock.h -------------------------------------------------------------------------------- /sdk/include/filestream.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/filestream.h -------------------------------------------------------------------------------- /sdk/include/graph.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/graph.h -------------------------------------------------------------------------------- /sdk/include/guisup.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/guisup.h -------------------------------------------------------------------------------- /sdk/include/hexedit.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/hexedit.h -------------------------------------------------------------------------------- /sdk/include/hndlinfo.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/hndlinfo.h -------------------------------------------------------------------------------- /sdk/include/kphapi.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/kphapi.h -------------------------------------------------------------------------------- /sdk/include/kphuser.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/kphuser.h -------------------------------------------------------------------------------- /sdk/include/lsasup.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/lsasup.h -------------------------------------------------------------------------------- /sdk/include/mapimg.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/mapimg.h -------------------------------------------------------------------------------- /sdk/include/mxml.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/mxml.h -------------------------------------------------------------------------------- /sdk/include/ntdbg.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/ntdbg.h -------------------------------------------------------------------------------- /sdk/include/ntexapi.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/ntexapi.h -------------------------------------------------------------------------------- /sdk/include/ntgdi.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/ntgdi.h -------------------------------------------------------------------------------- /sdk/include/ntioapi.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/ntioapi.h -------------------------------------------------------------------------------- /sdk/include/ntkeapi.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/ntkeapi.h -------------------------------------------------------------------------------- /sdk/include/ntldr.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/ntldr.h -------------------------------------------------------------------------------- /sdk/include/ntlpcapi.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/ntlpcapi.h -------------------------------------------------------------------------------- /sdk/include/ntmisc.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/ntmisc.h -------------------------------------------------------------------------------- /sdk/include/ntmmapi.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/ntmmapi.h -------------------------------------------------------------------------------- /sdk/include/ntnls.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/ntnls.h -------------------------------------------------------------------------------- /sdk/include/ntobapi.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/ntobapi.h -------------------------------------------------------------------------------- /sdk/include/ntpebteb.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/ntpebteb.h -------------------------------------------------------------------------------- /sdk/include/ntpfapi.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/ntpfapi.h -------------------------------------------------------------------------------- /sdk/include/ntpnpapi.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/ntpnpapi.h -------------------------------------------------------------------------------- /sdk/include/ntpoapi.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/ntpoapi.h -------------------------------------------------------------------------------- /sdk/include/ntpsapi.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/ntpsapi.h -------------------------------------------------------------------------------- /sdk/include/ntregapi.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/ntregapi.h -------------------------------------------------------------------------------- /sdk/include/ntrtl.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/ntrtl.h -------------------------------------------------------------------------------- /sdk/include/ntsam.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/ntsam.h -------------------------------------------------------------------------------- /sdk/include/ntseapi.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/ntseapi.h -------------------------------------------------------------------------------- /sdk/include/nttmapi.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/nttmapi.h -------------------------------------------------------------------------------- /sdk/include/nttp.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/nttp.h -------------------------------------------------------------------------------- /sdk/include/ntwow64.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/ntwow64.h -------------------------------------------------------------------------------- /sdk/include/ntxcapi.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/ntxcapi.h -------------------------------------------------------------------------------- /sdk/include/ntzwapi.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/ntzwapi.h -------------------------------------------------------------------------------- /sdk/include/ph.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/ph.h -------------------------------------------------------------------------------- /sdk/include/phapppub.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/phapppub.h -------------------------------------------------------------------------------- /sdk/include/phappresource.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/phappresource.h -------------------------------------------------------------------------------- /sdk/include/phbase.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/phbase.h -------------------------------------------------------------------------------- /sdk/include/phbasesup.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/phbasesup.h -------------------------------------------------------------------------------- /sdk/include/phconfig.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/phconfig.h -------------------------------------------------------------------------------- /sdk/include/phdata.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/phdata.h -------------------------------------------------------------------------------- /sdk/include/phdk.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/phdk.h -------------------------------------------------------------------------------- /sdk/include/phnative.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/phnative.h -------------------------------------------------------------------------------- /sdk/include/phnativeinl.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/phnativeinl.h -------------------------------------------------------------------------------- /sdk/include/phnet.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/phnet.h -------------------------------------------------------------------------------- /sdk/include/phnt.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/phnt.h -------------------------------------------------------------------------------- /sdk/include/phnt_ntdef.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/phnt_ntdef.h -------------------------------------------------------------------------------- /sdk/include/phnt_windows.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/phnt_windows.h -------------------------------------------------------------------------------- /sdk/include/phsup.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/phsup.h -------------------------------------------------------------------------------- /sdk/include/phutil.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/phutil.h -------------------------------------------------------------------------------- /sdk/include/provider.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/provider.h -------------------------------------------------------------------------------- /sdk/include/queuedlock.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/queuedlock.h -------------------------------------------------------------------------------- /sdk/include/ref.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/ref.h -------------------------------------------------------------------------------- /sdk/include/secedit.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/secedit.h -------------------------------------------------------------------------------- /sdk/include/subprocesstag.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/subprocesstag.h -------------------------------------------------------------------------------- /sdk/include/svcsup.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/svcsup.h -------------------------------------------------------------------------------- /sdk/include/symprv.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/symprv.h -------------------------------------------------------------------------------- /sdk/include/templ.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/templ.h -------------------------------------------------------------------------------- /sdk/include/treenew.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/treenew.h -------------------------------------------------------------------------------- /sdk/include/verify.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/verify.h -------------------------------------------------------------------------------- /sdk/include/winsta.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/winsta.h -------------------------------------------------------------------------------- /sdk/include/workqueue.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/include/workqueue.h -------------------------------------------------------------------------------- /sdk/lib/amd64/ProcessHacker.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/lib/amd64/ProcessHacker.lib -------------------------------------------------------------------------------- /sdk/lib/i386/ProcessHacker.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/lib/i386/ProcessHacker.lib -------------------------------------------------------------------------------- /sdk/readme.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/readme.txt -------------------------------------------------------------------------------- /sdk/samples/SamplePlugin/SamplePlugin.sln: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/samples/SamplePlugin/SamplePlugin.sln -------------------------------------------------------------------------------- /sdk/samples/SamplePlugin/SamplePlugin.vcxproj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/samples/SamplePlugin/SamplePlugin.vcxproj -------------------------------------------------------------------------------- /sdk/samples/SamplePlugin/SamplePlugin.vcxproj.filters: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/samples/SamplePlugin/SamplePlugin.vcxproj.filters -------------------------------------------------------------------------------- /sdk/samples/SamplePlugin/main.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/howmp/CobaltStrikeDetect/HEAD/sdk/samples/SamplePlugin/main.c --------------------------------------------------------------------------------