hunting-for-cobalt-strike-beacons

Community

Detect Cobalt Strike beacon network activity.

Author: YukiIto1999
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

Detects Cobalt Strike beacon activity in network traffic by correlating TLS fingerprints (the default Cobalt Strike certificate, JA3S and JARM hashes), HTTP Malleable C2 profile matches, and beacon timing analysis, and scores each destination on the combined evidence.

Core Features & Use Cases

  • Detection of the default Cobalt Strike TLS certificate and of known JA3S/JARM fingerprints
  • HTTP Malleable C2 profile matching (URIs, User-Agent, headers) and timing-based beacon scoring (regular sleep intervals with bounded jitter)
  • Generates structured reports listing suspect destinations, the evidence behind each score, and actionable guidance
  • Applicable to SOC threat hunts, incident response, and blue-team exercises

Quick Start

Run the hunter against Zeek logs (conn.log, ssl.log and http.log) to produce a structured beacon detection report. JA3S values in ssl.log require the Zeek ja3 package; JARM is an active fingerprint obtained by probing the server, so it is not present in passive Zeek logs and only applies to destinations the hunter probes itself.
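The hunt the Quick Start describes, as an added example that is not part of the skill's own scripts: it parses Zeek conn.log, ssl.log and http.log in JSON-lines format, checks JA3S hashes, certificate subjects, HTTP URIs and User-Agents against a watchlist, measures the regularity of connection inter-arrival gaps per destination, and sums weighted evidence into a per-destination score. The watchlist values, weights, thresholds and log lines are constructed placeholders for this example; replace the watchlist with indicators from the skill's references or your own threat intelligence.

```python
"""Correlate Zeek logs into a per-destination Cobalt Strike beacon score.

Added example, not the skill's own code. Indicators are placeholders.
"""
import json
import statistics
from collections import defaultdict

# Placeholder watchlist, constructed for this example. Replace with a curated
# indicator set (from the skill's references or your own threat intel).
JA3S_WATCHLIST = {"0000000000000000000000000000dead"}
CERT_SUBJECT_MARKERS = ("O=cobaltstrike",)
HTTP_URI_MARKERS = ("/submit.php",)
HTTP_UA_MARKERS = ("MSIE 9.0",)

# Assumed scoring weights and thresholds; tune to your environment.
WEIGHTS = {"ja3s": 3, "cert": 3, "uri": 2, "ua": 1, "timing": 2}
SUSPECT_THRESHOLD = 4
MIN_GAPS = 5      # inter-arrival samples needed before trusting the timing test
MAX_CV = 0.15     # a 60 s sleep with 20 % jitter gives a CV of roughly 0.06


def parse_zeek_json(text):
    """Yield records from Zeek JSON-lines output (LogAscii::use_json=T)."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield json.loads(line)


def flow_key(rec):
    return (rec["id.orig_h"], rec["id.resp_h"], int(rec["id.resp_p"]))


def timing_score(timestamps):
    """Return (cv, periodic). A low coefficient of variation of the gaps
    between connections to one destination is the beacon signal."""
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:]) if b > a]
    if len(gaps) < MIN_GAPS:
        return None, False
    mean = statistics.mean(gaps)
    cv = statistics.pstdev(gaps) / mean
    return cv, cv <= MAX_CV


def hunt(conn_log, ssl_log, http_log):
    """Collect fingerprint, C2-profile and timing evidence per destination
    and return the destinations whose combined score crosses the threshold."""
    evidence = defaultdict(set)
    timestamps = defaultdict(list)
    for rec in parse_zeek_json(conn_log):
        timestamps[flow_key(rec)].append(float(rec["ts"]))
    for rec in parse_zeek_json(ssl_log):
        k = flow_key(rec)
        if rec.get("ja3s") in JA3S_WATCHLIST:
            evidence[k].add("ja3s")
        if any(m in rec.get("subject", "") for m in CERT_SUBJECT_MARKERS):
            evidence[k].add("cert")
    for rec in parse_zeek_json(http_log):
        k = flow_key(rec)
        if any(rec.get("uri", "").startswith(m) for m in HTTP_URI_MARKERS):
            evidence[k].add("uri")
        if any(m in rec.get("user_agent", "") for m in HTTP_UA_MARKERS):
            evidence[k].add("ua")
    report = []
    for k in set(evidence) | set(timestamps):
        cv, periodic = timing_score(timestamps.get(k, []))
        if periodic:
            evidence[k].add("timing")
        score = sum(WEIGHTS[e] for e in evidence[k])
        if score >= SUSPECT_THRESHOLD:
            report.append({"src": k[0], "dst": k[1], "port": k[2], "score": score,
                           "evidence": sorted(evidence[k]),
                           "gap_cv": None if cv is None else round(cv, 3)})
    return sorted(report, key=lambda r: -r["score"])


# Constructed sample logs (not real captures).
def _conn_lines(orig, resp, port, times):
    return "\n".join(json.dumps({"ts": t, "uid": f"C{orig}{i}", "id.orig_h": orig,
                                 "id.orig_p": 50000 + i, "id.resp_h": resp,
                                 "id.resp_p": port, "proto": "tcp"})
                     for i, t in enumerate(times))

SAMPLE_CONN = "\n".join([
    _conn_lines("10.0.0.5", "203.0.113.7", 443, [0, 55, 113, 168, 226, 280, 339]),   # ~60 s sleep, jittered
    _conn_lines("10.0.0.9", "192.0.2.33", 80, [1000, 1028, 1057, 1085, 1114, 1142]),  # ~30 s sleep
    _conn_lines("10.0.0.8", "198.51.100.20", 443, [0, 3, 40, 41, 200, 201, 900]),     # human browsing
])
SAMPLE_SSL = "\n".join([
    json.dumps({"ts": 0, "uid": "S1", "id.orig_h": "10.0.0.5", "id.resp_h": "203.0.113.7",
                "id.resp_p": 443, "ja3s": "0000000000000000000000000000dead",
                "subject": "CN=placeholder,O=cobaltstrike"}),
    json.dumps({"ts": 0, "uid": "S2", "id.orig_h": "10.0.0.8", "id.resp_h": "198.51.100.20",
                "id.resp_p": 443, "ja3s": "11111111111111111111111111111111",
                "subject": "CN=example.com"}),
])
SAMPLE_HTTP = json.dumps({"ts": 1000, "uid": "H1", "id.orig_h": "10.0.0.9", "id.resp_h": "192.0.2.33",
                          "id.resp_p": 80, "method": "POST", "uri": "/submit.php?id=42",
                          "user_agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1)"})

if __name__ == "__main__":
    for hit in hunt(SAMPLE_CONN, SAMPLE_SSL, SAMPLE_HTTP):
        print(hit)
```

The timing test deliberately refuses to score a destination until it has seen at least five gaps, and the threshold keeps a single weak match (a common User-Agent alone) from surfacing as a hit; both knobs are assumptions to adjust against your own baseline traffic.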

Dependency Matrix

Required Modules

None required

Components

scripts, references

💻 Claude Code Installation

Recommended: let Claude install it automatically. Copy and paste the text below into Claude Code.

Please help me install this Skill:
Name: hunting-for-cobalt-strike-beacons
Download link: https://github.com/YukiIto1999/ctf-sleuth/archive/main.zip#hunting-for-cobalt-strike-beacons

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
