The blog post teaches how to bypass the YARA rule Windows_Trojan_CobaltStrike_f0b627fc.
random_replace_bytes.py - Made by me
-> Generates alternative shellcode sequences with NOP bytes to replace the signature bytes in Cobalt Strike's .bin file, bypassing the YARA rule Windows_Trojan_CobaltStrike_f0b627fc.
generate_rich_header.py - Made by White Knight Labs with minor improvements by me
-> Generates a Rich header with junk assembly code.
generate_prepend_headers.py - Made by White Knight Labs with minor improvements by me
-> Generates prepend headers with random NOP assembly code.