dissect.cobaltstrike

Structure definitions

dissect.cobaltstrike uses dissect.cstruct to parse data using C structures.

  • dissect.cobaltstrike.beacon.CS_DEF
  • dissect.cobaltstrike.pe.PE_DEF
  • dissect.cobaltstrike.c_c2.C2_DEF
  • dissect.cobaltstrike.guardrails.C_GUARDRAILS_DEF

© Copyright 2022-2025, Fox-IT part of NCC Group.
