| 2025-03-10 | Xavier Mertens | Shellcode Encoded in UUIDs |
| 2023-12-15 | Xavier Mertens | CSharp Payload Phoning to a CobaltStrike Server |
| 2023-12-05 | Didier Stevens | Cobalt Strike's "Runtime Configuration" |
| 2022-06-30 | Brad Duncan | Case Study: Cobalt Strike Server Lives on After Its Domain Is Suspended |
| 2022-03-16 | Brad Duncan | Qakbot infection with Cobalt Strike and VNC activity |
| 2022-01-09 | Didier Stevens | Extracting Cobalt Strike Beacons from MSBuild Scripts |
| 2021-11-07 | Didier Stevens | Video: Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory |
| 2021-11-06 | Didier Stevens | Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory |
| 2021-10-25 | Didier Stevens | Decrypting Cobalt Strike Traffic With a "Leaked" Private Key |
| 2021-08-11 | Brad Duncan | TA551 (Shathak) continues pushing BazarLoader, infections lead to Cobalt Strike |
| 2021-05-30 | Didier Stevens | Video: Cobalt Strike & DNS - Part 1 |
| 2021-03-15 | Didier Stevens | Finding Metasploit & Cobalt Strike URLs |
| 2021-02-14 | Didier Stevens | Video: tshark & Malware Analysis |
| 2021-01-13 | Brad Duncan | Hancitor activity resumes after a hoilday break |
| 2020-11-23 | Didier Stevens | Quick Tip: Cobalt Strike Beacon Analysis |
