Detecting Cobalt Strike and Hancitor traffic in PCAP

#Netresec #Cobalt Strike #CobaltStrike #periodicity #Protocol Identification #PIPI #CapLoader #1768.py #Windows Sandbox #PCAP #NSM

This video shows how Cobalt Strike and Hancitor C2 traffic can be detected using CapLoader. I bet you're going: 😱 OMG he's analyzing Windows malware on a Windows PC!!! Relax, I know what I'm doing. I have also taken the precaution of analyzing the PCAP f[...]

Read the full writeup in the blog post Detecting Cobalt Strike and Hancitor traffic in PCAP