analyzing-cobalt-strike-malleable-profiles
Analyzing Cobalt Strike Malleable Profiles
Instructions
Parse malleable C2 profiles to extract IOCs and detection opportunities using the pyMalleableC2 library. Combine with JARM fingerprinting to identify C2 servers.
from malleablec2 import Profile
# Parse a malleable profile from file
profile = Profile.from_file("amazon.profile")
# Extract global options (sleep, jitter, user-agent)
print(profile.ast.pretty())
# Access HTTP-GET block URIs and headers for network signatures
# Access HTTP-POST block for data exfiltration patterns
# Generate JARM fingerprints for known C2 infrastructure
More from mukul975/anthropic-cybersecurity-skills
acquiring-disk-image-with-dd-and-dcfldd
Create forensically sound bit-for-bit disk images using dd and dcfldd while preserving evidence integrity through
119analyzing-api-gateway-access-logs
Parses API Gateway access logs (AWS API Gateway, Kong, Nginx) to detect BOLA/IDOR attacks, rate limit bypass,
103analyzing-android-malware-with-apktool
Perform static analysis of Android APK malware samples using apktool for decompilation, jadx for Java source
99analyzing-cyber-kill-chain
Analyzes intrusion activity against the Lockheed Martin Cyber Kill Chain framework to identify which phases
90analyzing-email-headers-for-phishing-investigation
Parse and analyze email headers to trace the origin of phishing emails, verify sender authenticity, and identify
83analyzing-active-directory-acl-abuse
Detect dangerous ACL misconfigurations in Active Directory using ldap3 to identify GenericAll, WriteDACL, and
83