I updated the analysis logic in this new version of my tool 1768.py to analyze Cobalt Strike beacons.
There’s a new option -c (--csv) to output the config values in CSV format.
And now with option -r (--raw), identical configs are de-duplicated.
1768_v0_0_5.zip (https)
MD5: 83D7A867B93FAC13BA24F17DDA994A9A
SHA256: CBCB84B9C4D8C1ED05983C2A211E3EA6029E69782FDDD6E15181EE4F47383EB5