Michael Koczwara

Aug 5, 2021

4 min read

Cobalt Strike Hunting — Malleable C2 jQuery profile & rundll32 Analysis

Agenda:

Malleable C2 — jQuery profiles.

Cobalt Strike — SpawnTo and Rundll32.

PCAP & VT Analysis — Rundll32 connecting over TCP to Cobalt Strike C2.

Cobalt Strike Malleable C2 User-Agents.

Malleable C2 — jQuery profiles.

--

--

--

More from Michael Koczwara

Security Researcher [RED&BLUE]

Love podcasts or audiobooks? Learn on the go with our new app.

Try Knowable

Recommended from Medium

Lee Cardona

Back to the future for enterprise clouds

Demiro

in

Coinmonks

Blockchain Cryptography and Hashing in a nutshell

Shade Protocol

Shade Protocol Raises $5M: 20+ Key Partners Invested

Dave Christen

Securing Your DLP Future In The Unsecured Datasphere

Kristine Guilleno

QYUtility (QYU) Token

Voice of reason

Hypocrisy and silence. Second update on the PancakeSwap Scam.

Md Ali Hossain

Android Data Security

Sennovate

Tips for enterprises to implement remote workforce solutions

AboutHelpTermsPrivacy

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Michael Koczwara

Michael Koczwara

Security Researcher [RED&BLUE]

More from Medium

Michael Koczwara

Attack Analysis — Cobalt Strike C2 & Hancitor/Malware

Mauricio Velazco

Hunting for samAccountName Spoofing (CVE-2021–42278) & Domain Controller Impersonation…

Cyborg Security

Threat Hunt Deep Dives: Get to Know Your Log — Pt. 1

Crest Data Systems

Threat Detection & Hunting with Google Chronicle Security

Help

Status

Writers

Blog

Careers

Privacy

Terms

About

Knowable