dissect.cobaltstrike

Tutorials

These tutorials show how to use dissect.cobaltstrike for specific use cases.

  • A Minimal Beacon Client
    • Installation
    • Basic client
      • Task handler
      • Parsing Task data
      • Sending Callbacks
    • Subclassed client
    • Next steps
  • Decrypt Cobalt Strike PCAPs
    • Installation
    • Getting the Beacon
    • RSA Private Key
    • Decrypt C2 Traffic
    • Export C2 traffic as records
    • Dumping records with rdump

© Copyright 2022-2025, Fox-IT part of NCC Group.
