This new version of my tool to decrypt Cobalt Strike metadata, now supports transformations. By default, encrypted metadata in Cobalt Strike traffic is encoded with BASE64 and then transmitted via the Cookie header in HTTP(S) requests. This … [Continue Reading]
Update: 1768.py Version 0.0.9
This new version of 1768.py, my tool to decode Cobalt Strike beacon configs, brings proper decoding of malleable instructions. And the license ID statistics have been updated, and 3 new private RSA keys have been added. Fields 0x000b … [Continue Reading]
New Tool: cs-extract-key.py
cs-extract-key.py is a tool designed to extract cryptographic keys from Cobalt Strike beacon process memory dumps. This tool was already available in my beta repository. This tool can extract cryptographic keys from process memory dumps of a … [Continue Reading]
- « Previous Page
- 1
- 2
- 3
- 4
- 5
- …
- 596
- Next Page »