
ISC StormCast for Wednesday, September 7th, 2022
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
00:00
Using a Malware in a Sandbox to Capture Cobalt Strike
Cobalt Strike, while not without competition these days, is still a very popular post-exploitation command and control tool. The executable here had a large amount of overlay data attached to it that was split into many small sections. So he figured they're really too small for a stageless Cobalt Strike beacon. But there was a nice repeating pattern. That's often some null bytes at the end that were, of course, then XORed and basically just reflect the key. And that's what tie plate wit was able to actually then deobfuscate this particular segment.
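An added example, not part of the podcast or of the analysis it describes: why XOR-encoded null padding exposes the key, and how an analyst can recover it from a repeating pattern at the end of a segment. The function names, the 5-byte key and the sample segment are constructed for illustration, and a single repeating-key XOR over the whole segment is assumed.

```python
from typing import Optional


def find_period(buf: bytes, max_len: int = 64) -> Optional[int]:
    """Smallest k for which buf repeats with period k (at least two repeats)."""
    for k in range(1, min(max_len, len(buf) // 2) + 1):
        if all(buf[i] == buf[i + k] for i in range(len(buf) - k)):
            return k
    return None


def recover_key(blob: bytes, tail_len: int = 32) -> Optional[bytes]:
    """Recover a repeating XOR key from a segment whose tail was null padding.

    Because 0 ^ key == key, encoded null bytes are the key itself, repeated.
    """
    if len(blob) < tail_len:
        return None
    start = len(blob) - tail_len
    tail = blob[start:]
    k = find_period(tail)
    if k is None:
        return None  # no repeating pattern: tail was not XORed null padding
    key = bytearray(k)
    for i in range(k):
        # Re-align so key[0] corresponds to offset 0 of the segment.
        key[(start + i) % k] = tail[i]
    if not any(key):
        return None  # all-zero "key" means the padding was never encoded
    return bytes(key)


def xor(data: bytes, key: bytes) -> bytes:
    """Apply a repeating-key XOR (encoding and decoding are the same operation)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


# Constructed sample: a fake payload followed by 40 null bytes, XORed with a
# constructed 5-byte key. Not data from the sample discussed in the episode.
SAMPLE_KEY = bytes([0x13, 0x37, 0xC0, 0xDE, 0x42])
SAMPLE_PLAIN = b"MZ" + b"constructed sample payload" + b"\x00" * 40
SAMPLE_BLOB = xor(SAMPLE_PLAIN, SAMPLE_KEY)

if __name__ == "__main__":
    key = recover_key(SAMPLE_BLOB)
    print("recovered key:", key.hex())
    print("decoded head :", xor(SAMPLE_BLOB, key)[:28])
```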