Detecting maliciously used Cobalt Strike infrastructure

A few months ago, Google Cloud shared that it had identified 34 cracked versions of Cobalt Strike and released YARA rules to detect specific versions of Cobalt Strike more likely to be leveraged by threat actors. The goal behind Google Cloud’s research is to make Cobalt Strike “harder for bad guys to abuse,” and IronNet believes a proactive approach to Cobalt Strike server detection is key in this community effort.

The post Detecting maliciously used Cobalt Strike infrastructure appeared first on Security Boulevard.
