Sunday, June 26, 2022

Pointer: Hunting Cobalt Strike globally

Internal parameter tuning

As we got a solid understanding of how many resources to use, we started tuning and suiting other parameters for our model.

In my opinion, the lifetime of the Pointer lambda function should not be more than 60 seconds, because otherwise it will not be a true server-less tool with easy management, stable to errors and autoscaled architecture.

With a memory configuration of 3009 Mb and a default timeout of 60 seconds for one Lambda execution, we could scan from 10–20 t…

