CW Security PSA Oct 31 2020 - Cobalt Strike and Mimikatz

So we're seeing this PSA from ConnectWise @ https://www.connectwise.com/company/trust, and we appreciate the information and guidelines but they left part of it a bit vague:

"Check for the presence of the tools Cobalt Strike and Mimikatz."

Great idea!

But... how? I mean, I can look for 'mimikatz.exe' or something, but that seems a bit brute-force and prone to foiling through obfuscation, and my initial bit of research on Cobalt Strike suggests that I'm more likely to find it by looking for open ports than by any particular EXE. Does anyone who's more into this side of things have better suggestions before I start cobbling together some monitoring & scripting?
