
Repository of scripts from my blog post on bypassing the YARA rule Windows_Trojan_CobaltStrike_f0b627fc by generating alternative shellcode sequences.

WafflesExploits/CobaltStrike-YARA-Bypass-f0b627fc

Repository of scripts from my blog post

The blog post teaches how to bypass the YARA rule Windows_Trojan_CobaltStrike_f0b627fc.

-> Generates alternative shellcode sequences padded with NOP bytes to replace the signature bytes in Cobalt Strike's .bin file, so the YARA rule Windows_Trojan_CobaltStrike_f0b627fc no longer matches.

Usage Example

generate_rich_header.py - Made by White Knight Labs with minor improvements by me

-> Generates Rich header with junk assembly code.

rich header usage example

generate_prepend_headers.py - Made by White Knight Labs with minor improvements by me

-> Generates prepend headers with random NOP assembly code.

prepend header usage example
