dissect.cobaltstrike.artifact
This module is responsible for dumping payloads from ArtifactKit generated executables.
Attributes
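Classes
ArtifactKitPayload | Namedtuple containing the ArtifactKit metadata and decoded payload
Functions
iter_artifactkit_payloads | Iterate over found ArtifactKitPayload by scanning fobj for possible ArtifactKit payloads.
main | Entrypoint for beacon-artifact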
Module Contents
- class dissect.cobaltstrike.artifact.ArtifactKitPayload
Bases: NamedTuple
Namedtuple containing the ArtifactKit metadata and decoded payload
- dissect.cobaltstrike.artifact.iter_artifactkit_payloads(fobj: BinaryIO, start_offset: int | None = 0, maxrange: int | None = None) → Iterator[ArtifactKitPayload]
Iterate over found ArtifactKitPayload by scanning fobj for possible ArtifactKit payloads.
Side effects: the file position of fobj changes due to seeking.
Note
No additional checks are done on the ArtifactKit payloads to ensure that what is found is actually correct.
- Parameters:
fobj – file-like object
start_offset – starting offset to search for ArtifactKit payloads, if None it will search from current offset. (default: 0)
maxrange – maximum file offset to limit search to, if None it will search the entire file (default: None)
- Yields:
- dissect.cobaltstrike.artifact.main()
Entrypoint for beacon-artifact
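
The two caveats documented for iter_artifactkit_payloads (it moves the file position, and it does not verify what it finds) can be handled by a small wrapper. This is an added example, not code from dissect.cobaltstrike: scan_checked, fake_scanner, the HIT marker layout and the MZ check are constructed for illustration, and fake_scanner only mimics the documented (fobj, start_offset, maxrange) signature so the block runs without the library.

```python
import io


def scan_checked(fobj, scanner, accept, start_offset=0, maxrange=None):
    """Run scanner over fobj, keep hits that pass accept(), restore position.

    scanner: callable with the documented signature
             (fobj, start_offset=..., maxrange=...), for example
             dissect.cobaltstrike.artifact.iter_artifactkit_payloads.
    accept:  caller-supplied predicate; the scanner does not verify its hits.
    """
    saved = fobj.tell()
    try:
        # Drain the iterator in one go: the scanner seeks in fobj, so reading
        # from fobj between results would interfere with the search.
        hits = list(scanner(fobj, start_offset=start_offset, maxrange=maxrange))
    finally:
        fobj.seek(saved)  # undo the documented seek side effect
    return [hit for hit in hits if accept(hit)]


def fake_scanner(fobj, start_offset=0, maxrange=None):
    """Constructed stand-in, NOT the ArtifactKit format: yields (offset, body)
    for each b"HIT" marker followed by a 1-byte length and that many bytes."""
    if start_offset is not None:
        fobj.seek(start_offset)
    base = fobj.tell()
    data = fobj.read() if maxrange is None else fobj.read(max(0, maxrange - base))
    pos = data.find(b"HIT")
    while pos != -1 and pos + 4 <= len(data):
        size = data[pos + 3]
        yield base + pos, data[pos + 4 : pos + 4 + size]
        pos = data.find(b"HIT", pos + 3)


# Constructed sample: one hit that passes the check and one false positive.
SAMPLE = b"\x00" * 8 + b"HIT\x04MZ\x90\x00" + b"pad" + b"HIT\x02??" + b"\x00" * 4


def demo():
    fobj = io.BytesIO(SAMPLE)
    fobj.seek(5)  # the caller's own position before scanning
    # Example check only: keep hits whose body starts with the PE "MZ" magic.
    kept = scan_checked(fobj, fake_scanner, lambda hit: hit[1].startswith(b"MZ"))
    return kept, fobj.tell()
```

With the library installed, pass iter_artifactkit_payloads as scanner and supply an accept predicate suited to the payloads you expect.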