Blowing Cobalt Strike Out of the Water With Memory Analysis | allinfosecnews.com

Dec. 2, 2022, 2 p.m. | Dominik Reichel, Esmid Idrizovic and Bob Jung

Unit42 unit42.paloaltonetworks.com

Unit 42 researchers examine several malware samples that incorporate Cobalt Strike components, and discuss some of the ways that we catch these samples by analyzing artifacts from the deltas in process memory at key points of execution. We will also discuss the evasion tactics used by these threats, and other issues that make their analysis problematic.

The post Blowing Cobalt Strike Out of the Water With Memory Analysis appeared first on Unit 42.

analysis cloud-delivered security services cobalt cobalt strike cortex xdr evasive malware malware memory memory analysis sandbox strike water wildfire

More from unit42.paloaltonetworks.com / Unit42

Threat Brief: Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400 1 week, 5 days ago | unit42.paloaltonetworks.com

campaign command command injection cve +13

Muddled Libra’s Evolution to the Cloud 2 weeks, 1 day ago | unit42.paloaltonetworks.com

amp applications att aws +17

It Was Not Me! Malware-Initiated Vulnerability Scanning Is on the Rise 2 weeks, 2 days ago | unit42.paloaltonetworks.com

advanced threat prevention advanced url filtering advanced wildfire attacks +14

Threat Brief: Vulnerability in XZ Utils Data Compression Library Impacting Multiple Linux Distributions (CVE-2024-3094) 3 weeks, 4 days ago | unit42.paloaltonetworks.com

compression cortex xdr cortex xsiam cve +17

Exposing a New BOLA Vulnerability in Grafana 4 weeks ago | unit42.paloaltonetworks.com

advanced url filtering api api attacks authorization +19

ASEAN Entities in the Spotlight: Chinese APT Group Targeting 4 weeks, 1 day ago | unit42.paloaltonetworks.com

actions advanced persistent threat advanced url filtering apac +20

Large-Scale StrelaStealer Campaign in Early 2024 1 month ago | unit42.paloaltonetworks.com

advanced threat protection advanced wildfire campaign campaigns +16

Curious Serpens’ FalseFont Backdoor: Technical Analysis, Detection and Prevention 1 month ago | unit42.paloaltonetworks.com

advanced threat prevention advanced url filtering advanced wildfire aerospace +25

Unit 42 Collaborative Research With Ukraine’s Cyber Agency To Uncover the Smoke Loader Backdoor 1 month ago | unit42.paloaltonetworks.com

advanced threat prevention advanced url filtering advanced wildfire agency +21

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

EY GDS Internship Program - SAP, Cyber, IT Consultant or Finance Talents with German language

@ EY | Wrocław, DS, PL, 50-086

View on infosec-jobs.com

Security Architect - 100% Remote (REF1604S)

@ Citizant | Chantilly, VA, United States

View on infosec-jobs.com

Network Security Engineer - Firewall admin (f/m/d)

@ Deutsche Börse | Prague, CZ

View on infosec-jobs.com

Junior Cyber Solutions Consultant

@ Dionach | Glasgow, Scotland, United Kingdom

View on infosec-jobs.com

Senior Software Engineer (Cryptography), Bitkey

@ Block | New York City, United States

View on infosec-jobs.com