https://twitter.com/Kostastsale/
https://www.coresecurity.com/products/cobalt-strike
https://www.youtube.com/playlist?list=PL9HO6M_MU2nfQ4kHSCzAQMqxQxH47d1no
https://www.cobaltstrike.com/help-beacon
https://blog.cobaltstrike.com/2014/01/14/cloud-based-redirectors-for-distributed-hacking/
https://thedfirreport.com/services/
https://thedfirreport.com/2021/03/08/bazar-drops-the-anchor/
https://thedfirreport.com/2021/01/31/bazar-no-ryuk/
https://thedfirreport.com/2021/01/11/trickbot-still-alive-and-well/
https://github.com/rsmudge/Malleable-C2-Profiles
https://github.com/bluscreenofjeff/Malleable-C2-Randomizer
https://github.com/FortyNorthSecurity/C2concealer
https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/
https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/
https://blog.cobaltstrike.com/2021/02/09/learn-pipe-fitting-for-all-of-your-offense-projects/
https://labs.f-secure.com/blog/detecting-cobalt-strike-default-modules-via-named-pipe-analysis/
https://thedfirreport.com/2021/06/20/from-word-to-lateral-movement-in-1-hour/
https://newtonpaul.com/analysing-fileless-malware-cobalt-strike-beacon/#Injecting_into_memory_with_PowerShell
https://thedfirreport.com/2021/06/28/hancitor-continues-to-push-cobalt-strike/
https://thedfirreport.com/2021/03/29/sodinokibi-aka-revil-ransomware/
https://thedfirreport.com/?s=process+injection
https://boschko.ca/cobalt-strike-process-injection/
https://redcanary.com/threat-detection-report/techniques/domain-trust-discovery/
https://thedfirreport.com/category/adfind/
https://thedfirreport.com/?s=powersploit
https://thedfirreport.com/?s=powerview
https://github.com/AlessandroZ/LaZagne
https://github.com/gentilkiwi/mimikatz
https://www.blacklanternsecurity.com/2020-12-04-DCSync
https://underdefense.com/how-to-detect-cobaltstrike-command-control-communication/
https://thedfirreport.com/2021/05/12/conti-ransomware/
https://stealthbits.com/blog/how-to-detect-pass-the-hash-attacks/
https://hausec.com/2021/07/26/cobalt-strike-and-tradecraft/
https://www.crowdstrike.com/blog/getting-the-bacon-from-cobalt-strike-beacon/
https://www.cobaltstrike.com/aggressor-script/index.html
https://www.cobaltstrike.com/aggressor-script/functions.html#
https://github.com/harleyQu1nn/AggressorScripts
https://github.com/timwhitez/Cobalt-Strike-Aggressor-Scripts
https://github.com/Und3rf10w/Aggressor-scripts
https://twitter.com/TheDFIRReport/status/1423361119926816776
https://github.com/rsmudge/ZeroLogon-BOF/blob/master/dist/zerologon.cna
https://twitter.com/r3dQu1nn
https://github.com/harleyQu1nn/AggressorScripts/blob/master/AVQuery.cna
https://github.com/tsale/TA_tooling/blob/main/Conti_enhancement_chain.cna
https://github.com/MichaelKoczwara/Awesome-CobaltStrike-Defence
https://twitter.com/MichalKoczwara
https://twitter.com/wlesicki
https://twitter.com/bh4b3sh
https://www.mandiant.com/resources/defining-cobalt-strike-components
https://github.com/JPCERTCC/aa-tools/blob/master/cobaltstrikescan.py
https://blog.didierstevens.com/2020/11/07/1768-k/
https://redcanary.com/threat-detection-report/threats/cobalt-strike/
https://github.com/SigmaHQ/sigma/blob/c56cd2dfff6343f3694ef4fd606a305415599737/rules/windows/process_creation/win_meterpreter_or_cobaltstrike_getsystem_service_start.yml
https://github.com/SigmaHQ/sigma/blob/master/rules/windows/pipe_created/sysmon_mal_cobaltstrike.yml
https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/win_susp_adfind.yml
https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/win_susp_powershell_enc_cmd.yml
https://github.com/SigmaHQ/sigma/blob/master/rules/windows/network_connection/sysmon_rundll32_net_connections.yml
https://github.com/SigmaHQ/sigma/blob/c56cd2dfff6343f3694ef4fd606a305415599737/rules/network/net_dns_c2_detection.yml
https://github.com/SigmaHQ/sigma/blob/c56cd2dfff6343f3694ef4fd606a305415599737/rules/windows/builtin/win_overpass_the_hash.yml
https://github.com/SigmaHQ/sigma/blob/master/rules/windows/builtin/win_cobaltstrike_service_installs.yml
https://github.com/SigmaHQ/sigma/blob/master/rules/windows/create_remote_thread/sysmon_cobaltstrike_process_injection.yml
https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/process_creation_cobaltstrike_load_by_rundll32.yml
https://github.com/SigmaHQ/sigma/blob/master/rules/windows/registry_event/sysmon_cobaltstrike_service_installs.yml
https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/win_susp_wmic_proc_create_rundll32.yml
https://github.com/SigmaHQ/sigma/blob/e7d9f1b4279a235406b61cc9c16fde9d7ab5e3ba/rules/windows/create_remote_thread/sysmon_suspicious_remote_thread.yml
https://github.com/SigmaHQ/sigma/blob/7f071d785157dfe185d845fad994aa6ec05ac678/rules/windows/network_connection/sysmon_powershell_network_connection.yml
https://github.com/SigmaHQ/sigma/blob/08ca62cc8860f4660e945805d0dd615ce75258c1/rules/windows/process_creation/win_susp_powershell_hidden_b64_cmd.yml
https://github.com/SigmaHQ/sigma/blob/eb382c4a59b6d87e186ee269805fe2db2acf250e/rules/network/net_susp_dns_b64_queries.yml
https://github.com/SigmaHQ/sigma/blob/eb382c4a59b6d87e186ee269805fe2db2acf250e/rules/network/zeek/zeek_default_cobalt_strike_certificate.yml
https://github.com/SigmaHQ/sigma/blob/eb382c4a59b6d87e186ee269805fe2db2acf250e/rules/network/net_high_txt_records_requests_rate.yml
https://github.com/SigmaHQ/sigma/blob/master/rules/network/net_mal_dns_cobaltstrike.yml
https://github.com/SigmaHQ/sigma/blob/master/rules/proxy/proxy_cobalt_amazon.yml
https://github.com/SigmaHQ/sigma/blob/master/rules/proxy/proxy_cobalt_malformed_uas.yml
https://github.com/SigmaHQ/sigma/blob/master/rules/proxy/proxy_cobalt_ocsp.yml
https://github.com/SigmaHQ/sigma/blob/master/rules/proxy/proxy_cobalt_onedrive.yml
https://malpedia.caad.fkie.fraunhofer.de/details/win.cobalt_strike
https://malpedia.caad.fkie.fraunhofer.de/yara/win.cobalt_strike
https://github.com/Neo23x0/signature-base/blob/master/yara/apt_cobaltstrike.yar
https://github.com/advanced-threat-research/Yara-Rules/blob/master/malware/MALW_cobaltstrike.yar
https://github.com/Neo23x0/signature-base/blob/master/yara/apt_cobaltstrike_evasive.yar
https://github.com/avast/ioc/blob/master/CobaltStrike/yara_rules/cs_rules.yar