November 21, 2022

The Google Cloud security team has released a set of open-source YARA Rules and a VirusTotal Collection to help security practitioners flag and identify Cobalt Strike components and specific Cobalt Strike versions on their networks.

Bear in mind that the source of the “leak” is “Winds of Change”, a completely unverified source. They claim to be inside the FSB. But, here’s the thing, the FSB generally takes a poor view of people leaking secrets. As a rule, they don’t let people just hang out at the office and tell the world what’s going on internally. Treason ain’t just a river in Egypt. 🤔

“AD is a system where any time you hack any computer on the network, you can become the domain controller, and own the whole company. That's just how it works.”
