analyzing-cobalt-strike-beacon-configuration
Community
Map Cobalt Strike beacon config for threat intel
Author: YukiIto1999
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Analyze and extract Cobalt Strike beacon configuration from PE files, shellcode, and memory dumps to reveal C2 infrastructure and operator tradecraft.
Core Features & Use Cases
- TLV extraction and decoding to enumerate C2 servers, ports, sleep intervals, jitter, watermark, and Malleable C2 profile settings.
- Indicator generation for threat intel including domains, IPs, URIs, and named pipes.
- Use Case: During incident response or threat hunting, reconstruct beacon configurations to attribute activity and map infrastructure.
Quick Start
Analyze a beacon sample with the tool to generate a structured report and IOC list.
Dependency Matrix
Required Modules
dissect.cobaltstrike
Components
scripts, references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill:
Name: analyzing-cobalt-strike-beacon-configuration
Download link: https://github.com/YukiIto1999/ctf-sleuth/archive/main.zip#analyzing-cobalt-strike-beacon-configuration
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.