Detecting a Cobalt Strike

A researcher who notified the ember of the unauthenticated remote code execution von, posted screen shots on twitter showing a working exploit. The tool apparently calls itself majusca if or majusaca,. If i pronounce it correctly, itis based on a chinesevert. And a couple more details about he tool can be find in sescotalus. Block Apparently is available for free and written in rust and go.