Cobalt Strike Hunting — Malleable C2 jQuery profile & rundll32 Analysis

Agenda:

Malleable C2 — jQuery profiles.

Cobalt Strike — SpawnTo and Rundll32.

PCAP & VT Analysis — Rundll32 connecting over TCP to Cobalt Strike C2.

Cobalt Strike Malleable C2 User-Agents.
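The rundll32 and jQuery-profile items on this agenda, as an added Python example that is not part of the original post: it parses constructed Sysmon-style process and network events plus constructed HTTP request summaries, flags rundll32.exe started with no DLL argument (how a default SpawnTo beacon launches its sacrificial process) and rundll32.exe initiating an outbound TCP connection, matches the URIs and User-Agent of the publicly shared jQuery Malleable C2 profile, and correlates the two on destination IP. The field names, sample values and the profile indicator strings are assumptions to confirm against your own telemetry and the profile you are actually hunting for.

```python
import re

# Constructed sample telemetry, not taken from the article. Each string is a
# flattened Sysmon-style record (EventID 1 = process create, 3 = network
# connection). Field names and values are assumptions for this example.
SAMPLE_EVENTS = [
    'EventID=1 Image=C:\\Windows\\System32\\rundll32.exe CommandLine="rundll32.exe" ParentImage=C:\\Users\\u\\Downloads\\invoice.exe',
    'EventID=1 Image=C:\\Windows\\System32\\rundll32.exe CommandLine="rundll32.exe shell32.dll,Control_RunDLL" ParentImage=C:\\Windows\\explorer.exe',
    "EventID=3 Image=C:\\Windows\\System32\\rundll32.exe DestinationIp=203.0.113.10 DestinationPort=443 Protocol=tcp Initiated=true",
    "EventID=3 Image=C:\\Windows\\System32\\svchost.exe DestinationIp=203.0.113.11 DestinationPort=443 Protocol=tcp Initiated=true",
]

# Constructed HTTP request summaries (method, URI, User-Agent, destination IP),
# as a proxy log or PCAP parser might emit them. The URI and User-Agent strings
# are taken from the publicly shared jQuery Malleable C2 profile; treat them as
# an assumption to confirm against the profile you are hunting for.
JQUERY_PROFILE_URIS = {"/jquery-3.3.1.min.js", "/jquery-3.3.2.min.js"}
JQUERY_PROFILE_UA = "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko"

SAMPLE_HTTP = [
    ("GET", "/jquery-3.3.1.min.js", JQUERY_PROFILE_UA, "203.0.113.10"),
    ("POST", "/jquery-3.3.2.min.js", JQUERY_PROFILE_UA, "203.0.113.10"),
    ("GET", "/jquery-3.3.1.min.js",
     "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0 Safari/537.36",
     "198.51.100.7"),
]

# key=value pairs; a quoted value may contain spaces (command lines).
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line):
    """Turn a flattened key=value record into a dict, stripping quotes."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}


def hunt_rundll32(events):
    """Return (reason, event) pairs for the two rundll32 behaviours worth hunting."""
    hits = []
    for line in events:
        ev = parse_event(line)
        image = ev.get("Image", "").lower()
        if not image.endswith("\\rundll32.exe"):
            continue
        if ev.get("EventID") == "1":
            # rundll32 normally receives a DLL and an export to call. A bare
            # "rundll32.exe" with no arguments is how a beacon with the default
            # SpawnTo launches its sacrificial process for post-exploitation jobs.
            argv = ev.get("CommandLine", "").split()
            if len(argv) == 1:
                hits.append(("rundll32 started without a DLL argument", ev))
        elif ev.get("EventID") == "3":
            # A sacrificial rundll32 hosting a beacon talks to the C2 itself.
            if ev.get("Initiated") == "true" and ev.get("Protocol") == "tcp":
                hits.append(("rundll32 initiated an outbound TCP connection", ev))
    return hits


def hunt_jquery_profile(requests):
    """Flag requests whose URI and User-Agent both match the jQuery profile."""
    hits = []
    for method, uri, ua, dst in requests:
        if uri in JQUERY_PROFILE_URIS and ua == JQUERY_PROFILE_UA:
            hits.append({"method": method, "uri": uri, "dst": dst})
    return hits


def correlate(events, requests):
    """Destination IPs that rundll32 connected to AND that served the jQuery profile."""
    net = {ev["DestinationIp"] for _, ev in hunt_rundll32(events) if ev.get("EventID") == "3"}
    http = {h["dst"] for h in hunt_jquery_profile(requests)}
    return sorted(net & http)


if __name__ == "__main__":
    for reason, ev in hunt_rundll32(SAMPLE_EVENTS):
        print(reason, "->", ev.get("CommandLine") or ev.get("DestinationIp"))
    for h in hunt_jquery_profile(SAMPLE_HTTP):
        print("jQuery profile request", h)
    print("candidate C2:", correlate(SAMPLE_EVENTS, SAMPLE_HTTP))
```

Both hunts are leads, not convictions: rundll32.exe does make legitimate network connections when it hosts a networked DLL, and an operator can change SpawnTo and the profile's URIs and User-Agent, so the correlation on destination IP is what raises confidence, and the PCAP and VirusTotal work on the agenda is where that lead gets confirmed.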

Malleable C2 — jQuery profiles.

Michael Koczwara
Security Researcher [RED&BLUE]