Reverse Engineering Cobalt Strike Beacon

Video description: Reverse Engineering Cobalt Strike Beacon

Reverse Engineering Cobalt Strike chain example. Learn more in our Malware Reverse Engineering for Beginners series, part 2, which focuses on packed malware samples: https://www.intezer.com/blog/incident...

Tools Used:
https://github.com/mandiant/flare-vm
https://x64dbg.com/
https://github.com/Sentinel-One/Cobal...
https://hex-rays.com/ida-pro/
https://github.com/avast/ioc/blob/mas...
https://analyze.intezer.com/
https://virustotal.github.io/yara/

Chapters
0:00 - Generate Cobalt Strike Payload
0:20 - Reverse Engineer Loader
1:02 - Execute Loader to unpack Stager shellcode
1:40 - Dump shellcode and identify with yara
2:30 - Execute Stager shellcode
2:54 - Unpack Beacon payload and run Endpoint scanner
3:55 - Analyze endpoint scan results, which identify Cobalt Strike in memory
4:30 - Dump Beacon and parse configuration
