https://blog.nviso.eu/2021/10/27/cobalt-strike-using-known-private-keys-to-decrypt-traffic-part-2/
Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 2 – NVISO Labs
We decrypt Cobalt Strike traffic using one of 6 private keys we found. In this blog post, we will analyze a Cobalt Strike infection by looking at a full packet...
cobalt strike usingknownkeys
https://blog.nviso.eu/2021/11/03/cobalt-strike-using-process-memory-to-decrypt-traffic-part-3/
Cobalt Strike: Using Process Memory To Decrypt Traffic – Part 3 – NVISO Labs
We decrypt Cobalt Strike traffic with cryptographic keys extracted from process memory. This series of blog posts describes different methods to decrypt Cobalt...
cobalt strike usingprocess