Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-05-07Medium svch0stsvch0st
@online{svch0st:20210507:stats:11919e5, author = {svch0st}, title = {{Stats from Hunting Cobalt Strike Beacons}}, date = {2021-05-07}, organization = {Medium svch0st}, url = {https://svch0st.medium.com/stats-from-hunting-cobalt-strike-beacons-c17e56255f9b}, language = {English}, urldate = {2021-05-08} } Stats from Hunting Cobalt Strike Beacons
Cobalt Strike
2021-05-04Medium sergiusechelSergiu Sechel
@online{sechel:20210504:improving:ce4da6d, author = {Sergiu Sechel}, title = {{Improving the network-based detection of Cobalt Strike C2 servers in the wild while reducing the risk of false positives}}, date = {2021-05-04}, organization = {Medium sergiusechel}, url = {https://sergiusechel.medium.com/improving-the-network-based-detection-of-cobalt-strike-c2-servers-in-the-wild-while-reducing-the-6964205f6468}, language = {English}, urldate = {2021-05-04} } Improving the network-based detection of Cobalt Strike C2 servers in the wild while reducing the risk of false positives
Cobalt Strike
2021-04-26getrevueTwitter (@80vul)
@online{80vul:20210426:hunting:e8be278, author = {Twitter (@80vul)}, title = {{Hunting Cobalt Strike DNS redirectors by using ZoomEye}}, date = {2021-04-26}, organization = {getrevue}, url = {https://www.getrevue.co/profile/80vul/issues/hunting-cobalt-strike-dns-redirectors-by-using-zoomeye-580734}, language = {English}, urldate = {2021-04-29} } Hunting Cobalt Strike DNS redirectors by using ZoomEye
Cobalt Strike
2021-04-26nvisoMaxime Thiebaut
@online{thiebaut:20210426:anatomy:0ade0a5, author = {Maxime Thiebaut}, title = {{Anatomy of Cobalt Strike’s DLL Stager}}, date = {2021-04-26}, organization = {nviso}, url = {https://blog.nviso.eu/2021/04/26/anatomy-of-cobalt-strike-dll-stagers/}, language = {English}, urldate = {2021-04-29} } Anatomy of Cobalt Strike’s DLL Stager
Cobalt Strike
2021-04-24Non-offensive securityNon-offensive security team
@online{team:20210424:detect:4fab11a, author = {Non-offensive security team}, title = {{Detect Cobalt Strike server through DNS protocol}}, date = {2021-04-24}, organization = {Non-offensive security}, url = {https://mp.weixin.qq.com/s/peIpPJLt4NuJI1a31S_qbQ}, language = {Chinese}, urldate = {2021-04-29} } Detect Cobalt Strike server through DNS protocol
Cobalt Strike
2021-04-19NetresecErik Hjelmvik
@online{hjelmvik:20210419:analysing:c6bff49, author = {Erik Hjelmvik}, title = {{Analysing a malware PCAP with IcedID and Cobalt Strike traffic}}, date = {2021-04-19}, organization = {Netresec}, url = {https://netresec.com/?b=214d7ff}, language = {English}, urldate = {2021-04-20} } Analysing a malware PCAP with IcedID and Cobalt Strike traffic
Cobalt Strike IcedID
2021-04-18YouTube (dist67)Didier Stevens
@online{stevens:20210418:decoding:18e5319, author = {Didier Stevens}, title = {{Decoding Cobalt Strike Traffic}}, date = {2021-04-18}, organization = {YouTube (dist67)}, url = {https://www.youtube.com/watch?v=ysN-MqyIN7M}, language = {English}, urldate = {2021-04-20} } Decoding Cobalt Strike Traffic
Cobalt Strike
2021-04-09F-SecureRiccardo Ancarani, Giulio Ginesi
@online{ancarani:20210409:detecting:01d28ed, author = {Riccardo Ancarani and Giulio Ginesi}, title = {{Detecting Exposed Cobalt Strike DNS Redirectors}}, date = {2021-04-09}, organization = {F-Secure}, url = {https://labs.f-secure.com/blog/detecting-exposed-cobalt-strike-dns-redirectors}, language = {English}, urldate = {2021-04-14} } Detecting Exposed Cobalt Strike DNS Redirectors
Cobalt Strike
2021-04-07Medium sixdubJustin Warner
@online{warner:20210407:using:a7d19fd, author = {Justin Warner}, title = {{Using Kaitai Struct to Parse Cobalt Strike Beacon Configs}}, date = {2021-04-07}, organization = {Medium sixdub}, url = {https://sixdub.medium.com/using-kaitai-to-parse-cobalt-strike-beacon-configs-f5f0552d5a6e}, language = {English}, urldate = {2021-04-09} } Using Kaitai Struct to Parse Cobalt Strike Beacon Configs
Cobalt Strike
2021-04-01Palo Alto Networks Unit 42Brad Duncan
@online{duncan:20210401:hancitors:8876ca1, author = {Brad Duncan}, title = {{Hancitor’s Use of Cobalt Strike and a Noisy Network Ping Tool}}, date = {2021-04-01}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/hancitor-infections-cobalt-strike/}, language = {English}, urldate = {2021-04-06} } Hancitor’s Use of Cobalt Strike and a Noisy Network Ping Tool
Cobalt Strike Hancitor
2021-04-01DomainToolsJoe Slowik
@online{slowik:20210401:covid19:6a96e45, author = {Joe Slowik}, title = {{COVID-19 Phishing With a Side of Cobalt Strike}}, date = {2021-04-01}, organization = {DomainTools}, url = {https://www.domaintools.com/resources/blog/covid-19-phishing-with-a-side-of-cobalt-strike#}, language = {English}, urldate = {2021-04-06} } COVID-19 Phishing With a Side of Cobalt Strike
Cobalt Strike
2021-03-30GuidePoint SecurityDrew Schmitt
@online{schmitt:20210330:yet:9855592, author = {Drew Schmitt}, title = {{Yet Another Cobalt Strike Stager: GUID Edition}}, date = {2021-03-30}, organization = {GuidePoint Security}, url = {https://www.guidepointsecurity.com/yet-another-cobalt-strike-loader-guid-edition/}, language = {English}, urldate = {2021-04-06} } Yet Another Cobalt Strike Stager: GUID Edition
Cobalt Strike
2021-03-21YouTube (dist67)Didier Stevens
@online{stevens:20210321:finding:92a9a4d, author = {Didier Stevens}, title = {{Finding Metasploit & Cobalt Strike URLs}}, date = {2021-03-21}, organization = {YouTube (dist67)}, url = {https://www.youtube.com/watch?v=WW0_TgWT2gs}, language = {English}, urldate = {2021-03-25} } Finding Metasploit & Cobalt Strike URLs
Cobalt Strike
2021-03-16ElasticJoe Desimone
@online{desimone:20210316:detecting:4091130, author = {Joe Desimone}, title = {{Detecting Cobalt Strike with memory signatures}}, date = {2021-03-16}, organization = {Elastic}, url = {https://www.elastic.co/blog/detecting-cobalt-strike-with-memory-signatures}, language = {English}, urldate = {2021-03-22} } Detecting Cobalt Strike with memory signatures
Cobalt Strike
2021-03-09splunkSecurity Research Team
@online{team:20210309:cloud:4deeb78, author = {Security Research Team}, title = {{Cloud Federated Credential Abuse & Cobalt Strike: Threat Research February 2021}}, date = {2021-03-09}, organization = {splunk}, url = {https://www.splunk.com/en_us/blog/security/cloud-federated-credential-abuse-cobalt-strike-threat-research-feb-2021.html}, language = {English}, urldate = {2021-03-11} } Cloud Federated Credential Abuse & Cobalt Strike: Threat Research February 2021
Cobalt Strike
2021-03-01Trend MicroDon Ovid Ladores
@online{ladores:20210301:povlsomware:d683693, author = {Don Ovid Ladores}, title = {{Povlsomware Ransomware Features Cobalt Strike Compatibility}}, date = {2021-03-01}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/21/c/povlsomware-ransomware-features-cobalt-strike-compatibility.html}, language = {English}, urldate = {2021-04-06} } Povlsomware Ransomware Features Cobalt Strike Compatibility
Povlsomware
2021-02-09Cobalt StrikeRaphael Mudge
@online{mudge:20210209:learn:c08b657, author = {Raphael Mudge}, title = {{Learn Pipe Fitting for all of your Offense Projects}}, date = {2021-02-09}, organization = {Cobalt Strike}, url = {https://blog.cobaltstrike.com/2021/02/09/learn-pipe-fitting-for-all-of-your-offense-projects/}, language = {English}, urldate = {2021-02-10} } Learn Pipe Fitting for all of your Offense Projects
Cobalt Strike
2021-02-09SecurehatSecurehat
@online{securehat:20210209:extracting:0f4ae2f, author = {Securehat}, title = {{Extracting the Cobalt Strike Config from a TEARDROP Loader}}, date = {2021-02-09}, organization = {Securehat}, url = {https://blog.securehat.co.uk/malware-analysis/extracting-the-cobalt-strike-config-from-a-teardrop-loader}, language = {English}, urldate = {2021-02-10} } Extracting the Cobalt Strike Config from a TEARDROP Loader
Cobalt Strike TEARDROP
2021-02-01pkb1s.github.ioPetros Koutroumpis
@online{koutroumpis:20210201:relay:596413f, author = {Petros Koutroumpis}, title = {{Relay Attacks via Cobalt Strike Beacons}}, date = {2021-02-01}, organization = {pkb1s.github.io}, url = {https://pkb1s.github.io/Relay-attacks-via-Cobalt-Strike-beacons/}, language = {English}, urldate = {2021-02-04} } Relay Attacks via Cobalt Strike Beacons
Cobalt Strike
2021-01-28TrustedSecAdam Chester
@online{chester:20210128:tailoring:d3f973c, author = {Adam Chester}, title = {{Tailoring Cobalt Strike on Target}}, date = {2021-01-28}, organization = {TrustedSec}, url = {https://www.trustedsec.com/blog/tailoring-cobalt-strike-on-target/}, language = {English}, urldate = {2021-01-29} } Tailoring Cobalt Strike on Target
Cobalt Strike