Seeking the Beacon |
|
Presenter: Roshan Maskey
Format: 30 mins Track: Main Location: The Amphitheatre Abstract
Cobalt Strike is a popular Red Team tool that is built to evade detections. This talk will highlight how Cobalt Strike launcher injects Beacon payload into the target process, execution of in-memory payload, and lateral movement commands. This talk shows how Sysmon tracks the Beacon executing in-memory or Windows commands, and Windows event artifacts/logs created for respective Beacon commands. |