BruCON 0x0D has ended
Back To Schedule
Friday, October 8 • 10:30 - 12:30
Something Blue ... For The Blue Team FULL

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Limited Capacity full

In this 2 hour workshop, we will use new tools developed by Didier Stevens to deal with malicious Cobalt Strike beacons.

There used to be a time, that a blue teamer could say: "this sample I just analyzed is a Cobalt Strike beacon: I'm sure this is a pen test".
That is no longer the case: Cobalt Strike has become very popular with common criminals, and even some APT crews. Nowadays, if you encounter a Cobalt Strike sample, your organization is more likely to be under real attack than under simulated attack.

Didier has developed tools to extract the configuration of Cobalt Strike beacons, to detect Cobalt Strike beacons and to analyze/decrypt Cobalt Strike network traffic. And there are more tools to come.

These tools allow you to deal with Cobalt Strike beacons, without having to reverse engineer malicious code.

As usual, this workshop is 100% hands-on. Just a few slides, many exercises.

avatar for Didier Stevens

Didier Stevens

Didier Stevens (Microsoft MVP, SANS ISC Handler, ...) is a Senior Analyst working at NVISO (https://www.nviso.be). Didier has developed and published more than 100 tools, several of them popular in the security community.You can find his open source security tools on his IT secur... Read More →

Friday October 8, 2021 10:30 - 12:30 CEST
04. Orval Novotel