COBALT STRIKE |
| 2021-09-15 | Brad Duncan | Hancitor campaign abusing Microsoft's OneDrive |
| 2021-08-11 | Brad Duncan | TA551 (Shathak) continues pushing BazarLoader, infections lead to Cobalt Strike |
| 2021-07-09 | Brad Duncan | Hancitor tries XLL as initial malware file |
| 2021-06-30 | Brad Duncan | June 2021 Forensic Contest: Answers and Analysis |
| 2021-03-03 | Brad Duncan | Qakbot infection with Cobalt Strike |
| 2021-02-03 | Brad Duncan | Excel spreadsheets push SystemBC malware |
| 2019-11-20 | Brad Duncan | Hancitor infection with Pony, Evil Pony, Ursnif, and Cobalt Strike |
COBALT |
| 2021-11-07/a> | Didier Stevens | Video: Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory |
| 2021-11-06/a> | Didier Stevens | Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory |
| 2021-10-25/a> | Didier Stevens | Decrypting Cobalt Strike Traffic With a "Leaked" Private Key |
| 2021-09-15/a> | Brad Duncan | Hancitor campaign abusing Microsoft's OneDrive |
| 2021-08-11/a> | Brad Duncan | TA551 (Shathak) continues pushing BazarLoader, infections lead to Cobalt Strike |
| 2021-07-09/a> | Brad Duncan | Hancitor tries XLL as initial malware file |
| 2021-06-30/a> | Brad Duncan | June 2021 Forensic Contest: Answers and Analysis |
| 2021-05-30/a> | Didier Stevens | Video: Cobalt Strike & DNS - Part 1 |
| 2021-03-15/a> | Didier Stevens | Finding Metasploit & Cobalt Strike URLs |
| 2021-03-03/a> | Brad Duncan | Qakbot infection with Cobalt Strike |
| 2021-02-14/a> | Didier Stevens | Video: tshark & Malware Analysis |
| 2021-02-03/a> | Brad Duncan | Excel spreadsheets push SystemBC malware |
| 2021-01-13/a> | Brad Duncan | Hancitor activity resumes after a hoilday break |
| 2020-11-23/a> | Didier Stevens | Quick Tip: Cobalt Strike Beacon Analysis |
| 2019-11-20/a> | Brad Duncan | Hancitor infection with Pony, Evil Pony, Ursnif, and Cobalt Strike |
STRIKE |
| 2021-11-07/a> | Didier Stevens | Video: Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory |
| 2021-11-06/a> | Didier Stevens | Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory |
| 2021-10-25/a> | Didier Stevens | Decrypting Cobalt Strike Traffic With a "Leaked" Private Key |
| 2021-09-15/a> | Brad Duncan | Hancitor campaign abusing Microsoft's OneDrive |
| 2021-08-11/a> | Brad Duncan | TA551 (Shathak) continues pushing BazarLoader, infections lead to Cobalt Strike |
| 2021-07-09/a> | Brad Duncan | Hancitor tries XLL as initial malware file |
| 2021-06-30/a> | Brad Duncan | June 2021 Forensic Contest: Answers and Analysis |
| 2021-05-30/a> | Didier Stevens | Video: Cobalt Strike & DNS - Part 1 |
| 2021-03-15/a> | Didier Stevens | Finding Metasploit & Cobalt Strike URLs |
| 2021-03-03/a> | Brad Duncan | Qakbot infection with Cobalt Strike |
| 2021-02-14/a> | Didier Stevens | Video: tshark & Malware Analysis |
| 2021-02-03/a> | Brad Duncan | Excel spreadsheets push SystemBC malware |
| 2021-01-13/a> | Brad Duncan | Hancitor activity resumes after a hoilday break |
| 2020-11-23/a> | Didier Stevens | Quick Tip: Cobalt Strike Beacon Analysis |
| 2019-11-20/a> | Brad Duncan | Hancitor infection with Pony, Evil Pony, Ursnif, and Cobalt Strike |
https://www.sans.edu
