Seeking the Beacon
Presenter: Roshan Maskey
Format: 30 mins
Location: The Amphitheatre
Time: Sunday 1:00pm
Cobalt Strike is a popular Red Team tool that is built to evade detection. This talk will highlight how the Cobalt Strike launcher injects the Beacon payload into the target process, how the in-memory payload executes, and the lateral movement commands.
This talk shows how Sysmon tracks the Beacon as it executes in-memory or Windows commands, and which Windows event artifacts and logs the respective Beacon commands create.
Roshan Maskey is an incident response consultant who hunts for evil. In his spare time, he codes and explores offensive toolkits.