Seeking the Beacon
Presenter: Roshan Maskey
Format: 30 mins
Track: Main
Location: The Amphitheatre
Time: Sunday 1:00pm

Abstract: Cobalt Strike is a popular Red Team tool that is built to evade detection. This talk will highlight how the Cobalt Strike launcher injects the Beacon payload into the target process, how the in-memory payload is executed, and the lateral movement commands. It also shows how Sysmon tracks the Beacon executing in-memory or Windows commands, and the Windows event artifacts and logs created for the respective Beacon commands.

Speaker Bio: Roshan Maskey is an incident response consultant who hunts for evil. In his spare time, he codes and explores offensive toolkits.