all InfoSec news
Update: 1768.py Version 0.0.20
Malware Analysis, News and Indicators - Latest topics malware.news
This update to 1768.py, my Cobalt Strike beacon analysis tool, adds “runtime configuration” extraction.
Although 1768.py could already search for beacon configurations inside process memory dumps, the dump was just processed as a raw file.
With this update, 1768.py will also search for the runtime configuration inside a process memory dump. The runtime configuration, is a C/C++ array with integers and pointers, that is created in the heap by the beacon’s C/C++ code from the obfuscated configuration (e.g., XOR 0x2E). …
analysis beacon cobalt cobalt strike configuration file malware analysis memory process runtime search strike tool update version