2022-09-06 ⋅ Didier Stevens ⋅ An Obfuscated Beacon – Extra XOR Layer ⋅ Cobalt Strike
2022-04-06 ⋅ nviso ⋅ Analyzing a “multilayer” Maldoc: A Beginner’s Guide ⋅ 404 Keylogger
2022-03-22 ⋅ NVISO Labs ⋅ Cobalt Strike: Overview – Part 7 ⋅ Cobalt Strike
2021-11-17 ⋅ nviso ⋅ Cobalt Strike: Decrypting Obfuscated Traffic – Part 4 ⋅ Cobalt Strike
2021-11-03 ⋅ nviso ⋅ Cobalt Strike: Using Process Memory To Decrypt Traffic – Part 3 ⋅ Cobalt Strike
2021-11-03 ⋅ Didier Stevens ⋅ New Tool: cs-extract-key.py ⋅ Cobalt Strike
2021-10-27 ⋅ nviso ⋅ Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 2 ⋅ Cobalt Strike
2021-10-21 ⋅ nviso ⋅ Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 1 ⋅ Cobalt Strike
2021-04-18 ⋅ YouTube (dist67) ⋅ Decoding Cobalt Strike Traffic ⋅ Cobalt Strike
2021-03-21 ⋅ YouTube (dist67) ⋅ Finding Metasploit & Cobalt Strike URLs ⋅ Cobalt Strike
2021-03-07 ⋅ InfoSec Handlers Diary Blog ⋅ PCAPs and Beacons ⋅ Cobalt Strike
2020-12-15 ⋅ InfoSec Handlers Diary Blog ⋅ Analyzing FireEye Maldocs
2020-10-26 ⋅ SANS ISC InfoSec Forums ⋅ Excel 4 Macros: "Abnormal Sheet Visibility"
2020-09-01 ⋅ nviso ⋅ Epic Manchego – atypical maldoc delivery brings flurry of infostealers ⋅ Azorult, NjRAT
2020-03-23 ⋅ SANS ISC ⋅ KPOT Deployed via AutoIt Script ⋅ KPOT Stealer
2019-08-26 ⋅ InfoSec Handlers Diary Blog ⋅ The DAA File Format