ThatTotallyRealMyth

This repo contains the results of an internal re-write of Impacket I undertook at my current company. It contains some of the IoCs found within the library.

Found May 01, 2026 at 82 stars.
AI Analysis
AI Summary

A reference collection of network behavior clues for identifying use of a popular penetration testing tool, shared to help defenders and testers alike.

How It Works

1. 🔍 Discover the guide: You find this helpful reference while looking for ways to spot sneaky network activity in cybersecurity articles or forums.

2. 📖 Read the big picture: You open the page and skim the overview to understand the deep clues left by common hacking tools.

3. 📋 Explore clue categories: You dive into the organized lists of 65 specific signs grouped by areas like logins, connections, and commands.

4. 💡 Pick strong signals: You learn which clues are powerful on their own, which work best in groups, and which add extra context.

5. 🛡️ Apply to your work: You use these insights to check your own logs, build better alerts, or test your defenses.

🎉 Spot threats easier

Your security setup now catches suspicious patterns more reliably, making your networks safer.

AI-Generated Review

What is Impacket-IoCs?

This repo contains Impacket IoCs found during an internal rewrite at the author's current company, documenting 65 protocol-level indicators across Kerberos, SMB, NTLM, LDAP, DCE/RPC, and more. It helps defenders spot Impacket-driven attacks beyond easy-to-change artifacts like filenames, focusing on durable signals like auth_context_id patterns or SMB ClientGuid quirks. Users get a categorized reference with high-confidence, cluster-based, and noise-reducing IoCs, pulled from real-world notes for blue and red teams.

Why is it gaining traction?

It stands out by targeting deep protocol fingerprints that persist even if attackers tweak surface-level tools, unlike basic artifact hunts. With 82 stars, the hook is practical guidance for smaller teams lacking commercial detection content, plus tips for red teamers to blend in. No code bloat—just actionable IoCs that work with Zeek, ETW, or PCAP analysis.

Who should use this?

Blue teamers building Impacket detections on budgets, security analysts hunting protocol anomalies in Active Directory logs, and red teamers testing evasion against Kerberos or NTLM quirks. Ideal for SOC operators correlating SMB/DCE-RPC traffic or validating baselines in Windows Server environments.

Verdict

Solid niche reference for Impacket IoCs despite the 1.0% credibility score and modest 82 stars—docs are thorough but the repo contains uncommitted changes signaling low maturity. Grab it for inspiration if you're in protocol detection; skip if you need production-ready tools.
