Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

MiTM Cobalt Strike Network Traffic

published on 2021-12-11 10:14:58 UTC by Didier Stevens
Content:

I made a small PoC. cs-mitm. py is a mitmproxy script that intercepts Cobalt Strike traffic, decrypts it and injects its own commands. In this video, a malicious beacon is terminated by sending it an exit command. I selected a malicious beacon that uses one of the leaked private keys.

The script does not support data transforms, but that can be easily added, for example with code found in cs-parse-traffic.py.

Article: MiTM Cobalt Strike Network Traffic - published almost 3 years ago.

https://blog.didierstevens.com/2021/12/11/mitm-cobalt-strike-network-traffic/   
Published: 2021 12 11 10:14:58
Received: 2021 12 11 10:25:41
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
Views: 1

Custom HTML Block

Click to Open Code Editor