This blog post will cover the Cobalt Strike DLL stager's anatomy and design choices, and highlight ways to reduce both log footprint and time-to-shellcode.
Author: Maxime Thiebaut
Maxime Thiebaut is a GCFA-certified intrusion analyst in NVISO's Managed Detection & Response team. He spends most of his time investigating incidents and improving detection capabilities. Previously, Maxime worked on the SANS SEC699 course. Besides his coding capabilities, Maxime enjoys reverse engineering samples observed in the wild.