Want to detect Cobalt Strike on the network? Look to process memory

Enterprise security pros can detect malware samples in environments that incorporate the highly evasive Cobalt Strike attack code by analyzing artifacts in process memory, according to researchers with Palo Alto Networks’ Unit 42 threat intelligence unit. Cobalt Strike is possibly the best-known example of legitimate commercial security software that has been co-opted by threat groups: it was designed to help red teams test their organizations’ cyber defenses, and those groups use it to get around those defenses.

Read full article on The Register

 

