Cobalt Strike Hunting — Malleable C2 jQuery profile & rundll32 Analysis

Agenda:

Malleable C2 — jQuery profiles.

Cobalt Strike — SpawnTo and Rundll32.

PCAP & VT Analysis — Rundll32 connecting over TCP to Cobalt Strike C2.

Cobalt Strike Malleable C2 User-Agents.

Malleable C2 — jQuery profiles.


Security Researcher [RED&BLUE]

Michael Koczwara