Seeking the Beacon
Presenter: Roshan Maskey
Format: 30 mins
Location: The Amphitheatre
Cobalt Strike is a popular Red Team tool that is built to evade detection. This talk will highlight how the Cobalt Strike launcher injects the Beacon payload into the target process, how the in-memory payload is executed, and the lateral movement commands.
This talk shows how Sysmon tracks the Beacon when it executes in-memory or Windows commands, and the Windows event artifacts and logs created for the respective Beacon commands.