Open wuyoukm opened 2 years ago
Do you have the malleable profile available, or any other details you could share?
How do I use the -m option, please? Should I do -m PID of beacon, or name of exe? Because until now I have got 3 beacons with 60s sleep time not detected at all with a publicly available malleable C2.
Just -m on its own with no args. It will monitor all processes found. If it's not being detected, -m won't help you though. There is a bug in the heap enumeration where some memory is missed in the scanning stage. I haven't fixed this yet, but hope to push something later this evening that I hope will solve some missed detections.
Are you able to try with the latest commit?
Cobalt Strike 4.3 Failed to scan 64-bit beacon