Didier Stevens

Sunday 27 December 2020

Update: 1768.py Version 0.0.4

Filed under: My Software,Update — Didier Stevens @ 0:00

This is an update of my tool to analyze Cobalt Strike beacons.

Option -l can be used to generate YARA rules to search for Cobalt Strike beacons with a given license ID.


1768_v0_0_4.zip (https)
MD5: 35779393F2DC6171731446F8E0AC361B
SHA256: 59148C2DA13BE4DB203F9444E837911476BDE74E41E5A82C865E9729101336D2


  1. […] Update: 1768.py Version 0.0.4 […]

    Pingback by Week 52 – 2020 – This Week In 4n6 — Sunday 27 December 2020 @ 5:26

  2. Have you seen: https://www.randhome.io/blog/2020/12/20/analyzing-cobalt-strike-for-fun-and-profit/

    Comment by Anonym — Sunday 27 December 2020 @ 9:18

  3. Thanks for the heads up

    Comment by Didier Stevens — Monday 28 December 2020 @ 9:11

RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Blog at WordPress.com.