Apr4h / CobaltStrikeScan

Scan files or process memory for CobaltStrike beacons and parse their configuration
MIT License
882 stars 114 forks

cs4.2 Scanning processes for injected threads? #7

Closed badboycxcc closed 3 years ago

badboycxcc commented 3 years ago

[image]

Listening is http, no Malleable-C2-Profiles

Apr4h commented 3 years ago

Please provide the details included in this repo's bug report template so that I have enough information to triage the issue.

It would also be helpful if you could provide a memory dump of the process containing the loaded beacon. You could use Sysinternals' Procdump like so: procdump.exe -ma <PID>.

My first suggestion is to try downloading and using the latest version of the tool.

badboycxcc commented 3 years ago

The problem has been solved. Can it only analyze the process after cobaltstrike injection? Does it not support analysis of beacon programs?
