This repository contains:
- analyze.py: a script to analyze a Cobalt Strike beacon (python analyze.py BEACON)
- extract.py: extract a beacon from an encrypted
- beaconlib.py: library containing functions for the other scripts
- output.csv: CSV file containing CS servers identified online in Dec 2020
- rules.yar: Yara rules for CS beacons
- scan_list.py: script to scan a list of servers (python scan_list.py FILE)
- scan.py: script to scan a server (python scan.py IP)
You can see my blog post Analyzing Cobalt Strike for Fun and Profit for more information.
Credits : Amnesty Tech