[SANS ISC] Video: Making Sense Of Encrypted Cobalt Strike Traffic, (Sun, May 23rd)

Brad posted another malware analysis with a capture file of Cobalt Strike traffic.

The traffic is encrypted and the key is unknown. While it’s impossible to determine what exact commands were executed in this case, it is still possible to determine if commands were sent by the C2 and if results were sent back.

I explain how in this video.

If you have proxy logs instead of a packet capture, it’s possible to do the same analysis, provided that the proxy logs report how much data (size of HTTP headers and size of data) was exchanged.
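As an added illustration of the size-based reasoning described above (this is example code, not part of the diary or of Brad's analysis), the script below classifies constructed proxy log lines for a beacon by looking only at byte counts: it assumes the most common GET response size is the "no task" reply, treats a noticeably larger response as a task being delivered, and treats a POST with a request body as results being uploaded. The log format, the byte counts and the slack threshold are all assumptions.

```python
import re
from collections import Counter

# Constructed proxy log lines (not from the diary): a beacon polling its C2 once
# a minute. Fields: timestamp client method url req_bytes resp_bytes, where the
# byte counts include HTTP headers plus body, as a proxy would report them.
SAMPLE_LOG = """\
2021-05-23T10:00:01 10.0.0.5 GET http://c2.example.test/index.html 0 452
2021-05-23T10:01:01 10.0.0.5 GET http://c2.example.test/index.html 0 452
2021-05-23T10:02:01 10.0.0.5 GET http://c2.example.test/index.html 0 1988
2021-05-23T10:02:03 10.0.0.5 POST http://c2.example.test/submit 6120 452
2021-05-23T10:03:01 10.0.0.5 GET http://c2.example.test/index.html 0 452
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (GET|POST) (\S+) (\d+) (\d+)$")

def parse_log(text):
    """Return one dict per well-formed line; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, client, method, url, req, resp = m.groups()
        records.append({"ts": ts, "client": client, "method": method,
                        "url": url, "req": int(req), "resp": int(resp)})
    return records

def idle_response_size(records):
    """Assumption: the most common GET response size is the 'no task' reply."""
    sizes = Counter(r["resp"] for r in records if r["method"] == "GET")
    return sizes.most_common(1)[0][0] if sizes else None

def classify(records, slack=64):
    """Label each exchange from sizes alone; the encrypted payloads stay opaque."""
    idle = idle_response_size(records)
    labels = []
    for r in records:
        if r["method"] == "GET":
            if idle is not None and r["resp"] > idle + slack:
                labels.append((r["ts"], f"task delivered (~{r['resp'] - idle} B)"))
            else:
                labels.append((r["ts"], "check-in, no task"))
        elif r["method"] == "POST" and r["req"] > 0:
            labels.append((r["ts"], f"results uploaded ({r['req']} B)"))
        else:
            labels.append((r["ts"], "unclassified"))
    return labels

if __name__ == "__main__":
    for ts, label in classify(parse_log(SAMPLE_LOG)):
        print(ts, label)
```

The same logic applies to a packet capture once per-request sizes have been extracted; the point is that presence of a task and of a result is visible without the key, while the command itself is not.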

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
