Welcome to our

Cyber Security News Aggregator

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

First slide label

Some representative placeholder content for the first slide.

Second slide label

Some representative placeholder content for the second slide.

Third slide label

Some representative placeholder content for the third slide.

MiTM Cobalt Strike Network Traffic

published on 2021-12-11 10:14:58 UTC by Didier Stevens
Content:

I made a small PoC. cs-mitm. py is a mitmproxy script that intercepts Cobalt Strike traffic, decrypts it and injects its own commands. In this video, a malicious beacon is terminated by sending it an exit command. I selected a malicious beacon that uses one of the leaked private keys.

The script does not support data transforms, but that can be easily added, for example with code found in cs-parse-traffic.py.

Article: MiTM Cobalt Strike Network Traffic - published almost 3 years ago.

https://blog.didierstevens.com/2021/12/11/mitm-cobalt-strike-network-traffic/
Published: 2021 12 11 10:14:58
Received: 2021 12 11 10:25:41
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
Views: 1