Hunting Cobalt Strike C2 with Shodan

Cobalt Strike C2 Hunting

Four techniques:

  • Default certificate.
  • Hash + 50050 port (false-positive (FP) filtering is required).
  • JARM (FP filtering is required).
  • ASN/ISP scanning (this one is handy for subnet pivoting).

You can read my Twitter thread where I explained the logic behind each technique.
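As an added example (not code from the original post or its author), the script below shows how the four techniques combine in practice on Shodan-style host records: a default-certificate match is treated as strong on its own, while the JARM and "hash + 50050" signals are weak individually and only flag a host when they corroborate each other, which is the FP filtering the list calls for. It then pivots by ASN from confirmed hits to surface neighbouring hosts that share a weak indicator. The host records, the JARM value and the banner hash are constructed placeholders; the certificate serial is the widely documented Cobalt Strike default keystore serial and is an assumption of this example, not a value taken from the post.

```python
"""Score Shodan-style host records with the four hunting heuristics.
Added example; the indicator values and records below are constructed."""

# Indicator values an analyst would maintain. The serial is the widely documented
# Cobalt Strike default keystore serial (assumption, not from the post); the JARM
# and banner hash are CONSTRUCTED placeholders for this example.
INDICATORS = {
    "default_cert_serial": "146473198",
    "jarm": "JARM_PLACEHOLDER_0000000000000000000000000000000000000000",
    "banner_hash": "-1234567890",
}

# A strong signal is enough alone; weak signals must corroborate each other.
WEIGHTS = {"default_cert": 3, "jarm": 1, "port_hash": 1}

# Constructed Shodan-style records (documentation IP ranges, private-use ASNs).
SAMPLE_HOSTS = [
    {"ip": "198.51.100.10", "port": 443,   "asn": "AS64496",
     "cert_serial": "146473198", "jarm": "", "banner_hash": ""},
    {"ip": "198.51.100.11", "port": 50050, "asn": "AS64496",
     "cert_serial": "", "jarm": INDICATORS["jarm"], "banner_hash": "-1234567890"},
    {"ip": "203.0.113.5",   "port": 443,   "asn": "AS64497",
     "cert_serial": "", "jarm": INDICATORS["jarm"], "banner_hash": ""},
    {"ip": "203.0.113.6",   "port": 50050, "asn": "AS64497",
     "cert_serial": "", "jarm": "", "banner_hash": "-1234567890"},
    {"ip": "198.51.100.12", "port": 443,   "asn": "AS64496",
     "cert_serial": "", "jarm": INDICATORS["jarm"], "banner_hash": ""},
]


def score_host(host, indicators=INDICATORS):
    """Return (score, reasons) for one host record."""
    score, reasons = 0, []
    # Technique 1: default certificate (strong on its own).
    if host.get("cert_serial") == indicators["default_cert_serial"]:
        score += WEIGHTS["default_cert"]
        reasons.append("default_cert")
    # Technique 3: JARM fingerprint (weak: shared by other TLS stacks).
    if host.get("jarm") == indicators["jarm"]:
        score += WEIGHTS["jarm"]
        reasons.append("jarm")
    # Technique 2: banner hash on the 50050 team-server port (weak alone).
    if host.get("port") == 50050 and host.get("banner_hash") == indicators["banner_hash"]:
        score += WEIGHTS["port_hash"]
        reasons.append("port_hash")
    return score, reasons


def triage(hosts, threshold=2):
    """Flag hosts at or above the threshold; a single weak hit is dropped as a likely FP."""
    flagged = []
    for host in hosts:
        score, reasons = score_host(host)
        if score >= threshold:
            flagged.append((host["ip"], score, reasons))
    return flagged


def pivot_by_asn(hosts, confirmed_ips):
    """Technique 4: from confirmed hits, list same-ASN hosts with any weak indicator.

    These are candidates for manual review, not confirmed C2."""
    asns = {h["asn"] for h in hosts if h["ip"] in confirmed_ips}
    return sorted(h["ip"] for h in hosts
                  if h["asn"] in asns and h["ip"] not in confirmed_ips
                  and score_host(h)[0] > 0)


if __name__ == "__main__":
    hits = triage(SAMPLE_HOSTS)
    for ip, score, reasons in hits:
        print(f"{ip}: score={score} reasons={reasons}")
    print("ASN pivot candidates:", pivot_by_asn(SAMPLE_HOSTS, {h[0] for h in hits}))
```

Hosts 203.0.113.5 and 203.0.113.6 each carry one weak indicator and are dropped, while 198.51.100.12 is dropped by triage but resurfaces through the ASN pivot because it shares an ASN with two confirmed hits; the weights and threshold are where an analyst tunes the FP rate for their own dataset.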

Security Researcher [RED&BLUE]
Michael Koczwara