Michael Koczwara

Sep 7, 2021

2 min read

Hunting Cobalt Strike C2 with Shodan

Cobalt Strike C2 Hunting
  • Default certificate.
  • Hash + 50050 port (FP filtering is required).
  • JARM (FP filtering is required).
  • ASN/ISP scanning (this one is handy for subnet pivoting).

--

--

More from Michael Koczwara

Security Researcher

AboutHelpTermsPrivacy

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Michael Koczwara

Michael Koczwara

1K Followers

Security Researcher

Help

Status

Writers

Blog

Careers

Privacy

Terms

About

Text to speech