[DFIR Report translation] Cobalt Strike Defender's Guide (Part 1)
2023-5-6 12:2:29 Author: Desync InfoSec

https://twitter.com/Kostastsale/

https://www.coresecurity.com/products/cobalt-strike

https://www.youtube.com/playlist?list=PL9HO6M_MU2nfQ4kHSCzAQMqxQxH47d1no

https://www.cobaltstrike.com/help-beacon

https://blog.cobaltstrike.com/2014/01/14/cloud-based-redirectors-for-distributed-hacking/

https://thedfirreport.com/services/

https://thedfirreport.com/2021/03/08/bazar-drops-the-anchor/

https://thedfirreport.com/2021/01/31/bazar-no-ryuk/

https://thedfirreport.com/2021/01/11/trickbot-still-alive-and-well/

https://github.com/rsmudge/Malleable-C2-Profiles

https://github.com/bluscreenofjeff/Malleable-C2-Randomizer

https://github.com/FortyNorthSecurity/C2concealer

https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/

https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/

https://blog.cobaltstrike.com/2021/02/09/learn-pipe-fitting-for-all-of-your-offense-projects/

https://labs.f-secure.com/blog/detecting-cobalt-strike-default-modules-via-named-pipe-analysis/

https://thedfirreport.com/2021/06/20/from-word-to-lateral-movement-in-1-hour/

https://newtonpaul.com/analysing-fileless-malware-cobalt-strike-beacon/#Injecting_into_memory_with_PowerShell

https://thedfirreport.com/2021/06/28/hancitor-continues-to-push-cobalt-strike/

https://thedfirreport.com/2021/03/29/sodinokibi-aka-revil-ransomware/

https://thedfirreport.com/?s=process+injection

https://boschko.ca/cobalt-strike-process-injection/

https://redcanary.com/threat-detection-report/techniques/domain-trust-discovery/

https://thedfirreport.com/category/adfind/

https://thedfirreport.com/?s=powersploit

https://thedfirreport.com/?s=powerview

https://thedfirreport.com/2021/01/11/trickbot-still-alive-and-well/

https://www.cobaltstrike.com/help-beacon

https://github.com/AlessandroZ/LaZagne

https://github.com/gentilkiwi/mimikatz

https://www.blacklanternsecurity.com/2020-12-04-DCSync

https://underdefense.com/how-to-detect-cobaltstrike-command-control-communication/

https://thedfirreport.com/2021/05/12/conti-ransomware/

https://stealthbits.com/blog/how-to-detect-pass-the-hash-attacks/

https://hausec.com/2021/07/26/cobalt-strike-and-tradecraft/

https://www.crowdstrike.com/blog/getting-the-bacon-from-cobalt-strike-beacon/

https://www.cobaltstrike.com/aggressor-script/index.html

https://www.cobaltstrike.com/aggressor-script/functions.html#

https://github.com/harleyQu1nn/AggressorScripts

https://github.com/timwhitez/Cobalt-Strike-Aggressor-Scripts

https://github.com/Und3rf10w/Aggressor-scripts

https://twitter.com/TheDFIRReport/status/1423361119926816776

https://github.com/rsmudge/ZeroLogon-BOF/blob/master/dist/zerologon.cna

https://twitter.com/r3dQu1nn

https://github.com/harleyQu1nn/AggressorScripts/blob/master/AVQuery.cna

https://github.com/tsale/TA_tooling/blob/main/Conti_enhancement_chain.cna

https://github.com/MichaelKoczwara/Awesome-CobaltStrike-Defence

https://twitter.com/MichalKoczwara

https://twitter.com/wlesicki

https://twitter.com/bh4b3sh

https://www.mandiant.com/resources/defining-cobalt-strike-components

https://github.com/JPCERTCC/aa-tools/blob/master/cobaltstrikescan.py

https://blog.didierstevens.com/2020/11/07/1768-k/

https://redcanary.com/threat-detection-report/threats/cobalt-strike/

https://github.com/SigmaHQ/sigma/blob/c56cd2dfff6343f3694ef4fd606a305415599737/rules/windows/process_creation/win_meterpreter_or_cobaltstrike_getsystem_service_start.yml

https://github.com/SigmaHQ/sigma/blob/master/rules/windows/pipe_created/sysmon_mal_cobaltstrike.yml

https://github.com/SigmaHQ/sigma/blob/c56cd2dfff6343f3694ef4fd606a305415599737/rules/windows/process_creation/win_meterpreter_or_cobaltstrike_getsystem_service_start.yml

https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/win_susp_adfind.yml

https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/win_susp_powershell_enc_cmd.yml

https://github.com/SigmaHQ/sigma/blob/master/rules/windows/network_connection/sysmon_rundll32_net_connections.yml

https://github.com/SigmaHQ/sigma/blob/c56cd2dfff6343f3694ef4fd606a305415599737/rules/network/net_dns_c2_detection.yml

https://github.com/SigmaHQ/sigma/blob/c56cd2dfff6343f3694ef4fd606a305415599737/rules/windows/builtin/win_overpass_the_hash.yml

https://github.com/SigmaHQ/sigma/blob/master/rules/windows/builtin/win_cobaltstrike_service_installs.yml

https://github.com/SigmaHQ/sigma/blob/master/rules/windows/create_remote_thread/sysmon_cobaltstrike_process_injection.yml

https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/process_creation_cobaltstrike_load_by_rundll32.yml

https://github.com/SigmaHQ/sigma/blob/master/rules/windows/registry_event/sysmon_cobaltstrike_service_installs.yml

https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/win_susp_wmic_proc_create_rundll32.yml

https://github.com/SigmaHQ/sigma/blob/master/rules/windows/network_connection/sysmon_rundll32_net_connections.yml

https://github.com/SigmaHQ/sigma/blob/e7d9f1b4279a235406b61cc9c16fde9d7ab5e3ba/rules/windows/create_remote_thread/sysmon_suspicious_remote_thread.yml

https://github.com/SigmaHQ/sigma/blob/7f071d785157dfe185d845fad994aa6ec05ac678/rules/windows/network_connection/sysmon_powershell_network_connection.yml

https://github.com/SigmaHQ/sigma/blob/08ca62cc8860f4660e945805d0dd615ce75258c1/rules/windows/process_creation/win_susp_powershell_hidden_b64_cmd.yml

https://github.com/SigmaHQ/sigma/blob/eb382c4a59b6d87e186ee269805fe2db2acf250e/rules/network/net_susp_dns_b64_queries.yml

https://github.com/SigmaHQ/sigma/blob/eb382c4a59b6d87e186ee269805fe2db2acf250e/rules/network/zeek/zeek_default_cobalt_strike_certificate.yml

https://github.com/SigmaHQ/sigma/blob/eb382c4a59b6d87e186ee269805fe2db2acf250e/rules/network/net_high_txt_records_requests_rate.yml

https://github.com/SigmaHQ/sigma/blob/master/rules/network/net_mal_dns_cobaltstrike.yml

https://github.com/SigmaHQ/sigma/blob/master/rules/proxy/proxy_cobalt_amazon.yml

https://github.com/SigmaHQ/sigma/blob/master/rules/proxy/proxy_cobalt_malformed_uas.yml

https://github.com/SigmaHQ/sigma/blob/master/rules/proxy/proxy_cobalt_ocsp.yml

https://github.com/SigmaHQ/sigma/blob/master/rules/proxy/proxy_cobalt_onedrive.yml

https://malpedia.caad.fkie.fraunhofer.de/details/win.cobalt_strike

https://malpedia.caad.fkie.fraunhofer.de/yara/win.cobalt_strike

https://github.com/Neo23x0/signature-base/blob/master/yara/apt_cobaltstrike.yar

https://github.com/advanced-threat-research/Yara-Rules/blob/master/malware/MALW_cobaltstrike.yar

https://github.com/Neo23x0/signature-base/blob/master/yara/apt_cobaltstrike_evasive.yar

https://github.com/avast/ioc/blob/master/CobaltStrike/yara_rules/cs_rules.yar


Source: http://mp.weixin.qq.com/s?__biz=MzkzMDE3ODc1Mw==&mid=2247486135&idx=1&sn=4ab2442f478e9e25e7031147cba5bb6d&chksm=c27f7919f508f00f75299186fe73bb1a9b9cb7c763f4d9340fef4f3301d45021619192d1fb88#rd