Seeking the Beacon

Presenter: Roshan Maskey​
Format: 30 mins
Track: Main
Location: The Amphitheatre
Time: Sunday 1:00pm

Abstract
Cobalt Strike is a popular Red Team tool that is built to evade detections. This talk will highlight how Cobalt Strike launcher injects Beacon payload into the target process, execution of in-memory payload, and lateral movement commands.

​This talk shows how Sysmon tracks the Beacon executing in-memory or Windows commands, and Windows event artifacts/logs created for respective Beacon commands.   

Speaker Bio:
​​Roshan Maskey is an incident response consultant who hunts for evil. In his spare time, he codes and explores offensive toolkits.