2022-09-06 ⋅ Didier Stevens ⋅ An Obfuscated Beacon – Extra XOR Layer | Cobalt Strike
2022-04-06 ⋅ nviso ⋅ Analyzing a “multilayer” Maldoc: A Beginner’s Guide | 404 Keylogger
2022-03-22 ⋅ NVISO Labs ⋅ Cobalt Strike: Overview – Part 7 | Cobalt Strike
2021-11-17 ⋅ nviso ⋅ Cobalt Strike: Decrypting Obfuscated Traffic – Part 4 | Cobalt Strike
2021-11-03 ⋅ Didier Stevens ⋅ New Tool: cs-extract-key.py | Cobalt Strike
2021-11-03 ⋅ nviso ⋅ Cobalt Strike: Using Process Memory To Decrypt Traffic – Part 3 | Cobalt Strike
2021-10-27 ⋅ nviso ⋅ Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 2 | Cobalt Strike
2021-10-21 ⋅ nviso ⋅ Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 1 | Cobalt Strike
2021-04-18 ⋅ YouTube (dist67) ⋅ Decoding Cobalt Strike Traffic | Cobalt Strike
2021-03-21 ⋅ YouTube (dist67) ⋅ Finding Metasploit & Cobalt Strike URLs | Cobalt Strike
2021-03-07 ⋅ InfoSec Handlers Diary Blog ⋅ PCAPs and Beacons | Cobalt Strike
2020-12-15 ⋅ InfoSec Handlers Diary Blog ⋅ Analyzing FireEye Maldocs
2020-10-26 ⋅ SANS ISC InfoSec Forums ⋅ Excel 4 Macros: "Abnormal Sheet Visibility"
2020-09-01 ⋅ nviso ⋅ Epic Manchego – atypical maldoc delivery brings flurry of infostealers | Azorult, NjRAT
2020-03-23 ⋅ SANS ISC ⋅ KPOT Deployed via AutoIt Script | KPOT Stealer
2019-08-26 ⋅ InfoSec Handlers Diary Blog ⋅ The DAA File Format