This is an update for my tool to perform XOR known plaintext attacks: xor-kpa.py.
The tool has been updated for Python 3, and 3 new plaintext have been added, all for Cobalt Strike configurations.
cs-key is the header of the configuration entry for the public key.
cs-key-dot is the header of the configuration entry for the public key XORed with value 0x2E (a dot).
cs-key-i is the header of the configuration entry for the public key XORed with value 0x69 (letter i).
xor-kpa_V0_0_6.zip (http)Click to Open Code Editor