Wednesday, October 27, 2021

BeaconEye: Hunts out CobaltStrike beacons and logs operator command output

BeaconEye

Introduction

BeaconEye scans running processes for active CobaltStrike beacons. When processes are found to be running beacon, BeaconEye will monitor each process for C2 activity.

How it works

BeaconEye attaches itself as a debugger to each process and will begin monitoring beacon activity for C2 traffic (HTTP/HTTPS beacons supported currently).

The AES keys used for encrypting C2 data and mallable profile are decoded on the fly, which enables BeaconEye to extract and decrypt beac…

Read More

Latest news
Related news