Guidance for mitigating web shells. #nsacyber
The main features of nsacyber/mitigating-web-shells are: Blue Team Tools.
Open-source alternatives to nsacyber/mitigating-web-shells include:

- 0xd4d/de4dot — de4dot is a .NET deobfuscator, unpacker, and assembly analysis tool. It is designed to remove obfuscation layers,…
- 3lp4tr0n/beaconhunter — Behavior-based monitoring and hunting tool built in C# leveraging ETW tracing. Blue teamers can use this tool to…
- ben0xa/powershelldefense
- ccob/beaconeye — BeaconEye scans running processes for active CobaltStrike beacons. When processes are found to be running beacon,…
- cisagov/sparrow — Sparrow.ps1 was created by CISA's Cloud Forensics team to help detect possible compromised accounts and applications…
- 0kee-team/watchad
de4dot is a .NET deobfuscator, unpacker, and assembly analysis tool. It is designed to remove obfuscation layers, restore metadata, and simplify bytecode control flow to transform protected binaries back into human-readable code. The project features specialized systems for decrypting strings and constants using both static and dynamic analysis. It identifies specific protection tools through pattern-based detection and strips anti-analysis protections, such as tamper detection and anti-debugging code. The tool provides a suite of reverse engineering capabilities, including binary wrapper un
Behavior-based monitoring and hunting tool built in C# leveraging ETW tracing. Blue teamers can use this tool to detect and respond to potential Cobalt Strike beacons. Red teamers can use this tool to research ETW bypasses and discover new processes that behave like beacons.