Date Author Title
2025-03-10Xavier MertensShellcode Encoded in UUIDs
2023-12-15Xavier MertensCSharp Payload Phoning to a CobaltStrike Server
2023-12-05Didier StevensCobalt Strike's "Runtime Configuration"
2022-06-30Brad DuncanCase Study: Cobalt Strike Server Lives on After Its Domain Is Suspended
2022-03-16Brad DuncanQakbot infection with Cobalt Strike and VNC activity
2022-01-09Didier StevensExtracting Cobalt Strike Beacons from MSBuild Scripts
2021-11-07Didier StevensVideo: Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory
2021-11-06Didier StevensDecrypting Cobalt Strike Traffic With Keys Extracted From Process Memory
2021-10-25Didier StevensDecrypting Cobalt Strike Traffic With a "Leaked" Private Key
2021-08-11Brad DuncanTA551 (Shathak) continues pushing BazarLoader, infections lead to Cobalt Strike
2021-05-30Didier StevensVideo: Cobalt Strike & DNS - Part 1
2021-03-15Didier StevensFinding Metasploit & Cobalt Strike URLs
2021-02-14Didier StevensVideo: tshark & Malware Analysis
2021-01-13Brad DuncanHancitor activity resumes after a hoilday break
2020-11-23Didier StevensQuick Tip: Cobalt Strike Beacon Analysis