Cobalt Strike Resources

This repository contains:

• analyze.py: a script to analyze a Cobalt Strike beacon (python analyze.py BEACON)
• extract.py; extract a beacon from an encrypted beacon
• lib.py: library containing functions for the other scripts
• output.csv : CSV file containing CS servers identified online in Dec 2020
• rules.yar: Yara rules for CS beacons
• scan_list.py: script to scan a list of servers (python scan_list.py FILE)
• scan.py : script to scan a server (python can.py IP)

You can see my blog post Analyzing Cobalt Strike for Fun and Profit for more information.

Credits : Amnesty Tech