Extracting Cobalt Strike from Windows Error Reporting
Windows Error Reporting is an extremely useful but underutilised artifact. This entry covers how we can extract malware from Windows Error Reporting process dumps.
Cobalt Strike DFIR: Listening to the Pipes
A lot of work has been done on the naming schemes of Cobalt Strike Named Pipes, but how do we take our analysis to the next step?