www.codeproject.com
usualsuspect.re
forensicitguy.github.io
In this post I want to take a look at a PowerShell-based Cobalt Strike beacon that appeared on MalwareBazaar. This particular beacon is representative of most PowerShell Cobalt Strike activity I see in the wild during my day job. The beacons often show up as service persistence during incidents or during other post-exploitation activity. If you want to follow along at home, the sample I'm using is here:
gist.github.com
GitHub Gist: instantly share code, notes, and snippets.
thinkdfir.com
In preparation for an upcoming FOR500 class I thought I would test out one of the recent additions to the class. This post by my colleague Zach shows that Win10 1903 and later has a registry key that will store the full path of any executable that utilises the computer's camera or microphone. Zach shows...