Welcome to our Cyber Security News Aggregator.

Cyber Tzar provides a cyber security risk management platform, including automated penetration tests and risk assessments culminating in a "cyber risk score" out of 1,000, just like a credit score.

“Public” Private Cobalt Strike Keys

published on 2021-10-21 18:05:35 UTC by Didier Stevens
Content:

I found 6 private keys used by malicious Cobalt Strike servers. There’s a significant number of malicious CS servers on the Internet that reuse these keys, thus allowing us to decrypt their C2 traffic. For the details, I recommend reading the following blog post I wrote: “Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 1”.

I integrated these keys in the database (1768.json) of my tool 1768.py (starting version 0.0.8).

Whenever you analyze a beacon with 1768.py that uses a public key with a known private key, the report will point this out:

And when you use option verbose, the private key will be included:

If you want to integrate these 6 keys in your own tools: be my guest. You can find these key pairs in 1768.json.
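The check described above, as an added example that is not code from the original post or from 1768.py: a beacon's RSA public key is fingerprinted and looked up in a small database of known key pairs, and the report flags a match, including the private key only when a verbose flag is set. The JSON layout, the zero-padded public-key field, and every key byte below are assumptions and constructed placeholders made for this example; they are not the layout of 1768.json and not real Cobalt Strike keys.

```python
"""Added example: flag a beacon whose RSA public key has a known private key.

Illustrative code written for this page, not 1768.py. The JSON layout is an
assumption for the example (not the real 1768.json format) and the hex key
strings are synthetic placeholders, not real Cobalt Strike keys.
"""
import hashlib
import json
from typing import Dict

# Constructed database: each entry pairs a placeholder DER public key with the
# private key that was recovered for it. Hex strings are synthetic.
KNOWN_KEYS_JSON = json.dumps({
    "keys": [
        {
            "name": "known-key-1",
            "publickey": "30819f300d06092a864886f70d010101050003818d00deadbeef01",
            "privatekey": "30820276020100300d06092a864886f70d0101010500048202600101cafe",
        },
        {
            "name": "known-key-2",
            "publickey": "30819f300d06092a864886f70d010101050003818d00deadbeef02",
            "privatekey": "30820276020100300d06092a864886f70d0101010500048202600102cafe",
        },
    ]
})


def fingerprint(der_public_key: bytes) -> str:
    """SHA-256 over the DER bytes, used as an exact-match lookup key."""
    return hashlib.sha256(der_public_key).hexdigest()


def load_known_keys(json_text: str) -> Dict[str, dict]:
    """Index the key database by public-key fingerprint."""
    index: Dict[str, dict] = {}
    for entry in json.loads(json_text)["keys"]:
        der = bytes.fromhex(entry["publickey"])
        index[fingerprint(der)] = entry
    return index


def normalize_beacon_public_key(field: bytes) -> bytes:
    """Assumption for this example: the beacon config carries the DER public key
    in a fixed-size field padded with NUL bytes. Strip the padding before hashing;
    an RSA DER public key ends with the exponent bytes, never with 0x00."""
    return field.rstrip(b"\x00")


def check_beacon_public_key(field: bytes, index: Dict[str, dict],
                            verbose: bool = False) -> dict:
    """Report whether the beacon's public key has a known private key.
    The private key is only included when verbose is True, mirroring the
    behaviour described for the verbose option."""
    der = normalize_beacon_public_key(field)
    fp = fingerprint(der)
    report = {"fingerprint": fp, "known_private_key": False}
    entry = index.get(fp)
    if entry is not None:
        report["known_private_key"] = True
        report["name"] = entry["name"]
        if verbose:
            report["privatekey"] = entry["privatekey"]
    return report


if __name__ == "__main__":
    # Constructed beacon field: placeholder DER key padded to 256 bytes.
    pub = bytes.fromhex("30819f300d06092a864886f70d010101050003818d00deadbeef01")
    beacon_field = pub + b"\x00" * (256 - len(pub))
    db = load_known_keys(KNOWN_KEYS_JSON)
    print(check_beacon_public_key(beacon_field, db))
    print(check_beacon_public_key(beacon_field, db, verbose=True))
```

The lookup is exact (hash of the full DER encoding), so a key that merely shares a modulus prefix is not reported; if a tool stores keys in a different encoding, normalize to DER first so fingerprints are comparable across sources.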

Article: “Public” Private Cobalt Strike Keys
https://blog.didierstevens.com/2021/10/21/public-private-cobalt-strike-keys/
Published: 2021-10-21 18:05:35 UTC
Feed / Source: Didier Stevens
Category: Cyber Security
