• Hijack Execution Flow: DLL Search Order Hijacking.
  • Payload extraction from the PCAP (VT, Triage, and CyberChef Analysis).
  • Attack Analysis.
  • DLL Hijacking via Cobalt Strike/Sysrep.

Part One

Agenda:

Methodologies & Tools covered:

  • Windows command line.
  • PowerShell command line.
  • Windows built-in tools such as Event Viewer, Regedit and Task Scheduler.

Process Investigation Map

  • net user
  • Event Viewer
  • Task Scheduler
  • Regedit

Cobalt Strike C2 mubuwu.com

Michael Koczwara

Security Researcher [RED&BLUE]
