home/categories/debugging/mukul975-anthropic-cybersecurity-skills-skills-hunting-for-cobalt-strike-beacons-skill-md
debuggingtools
hunting-for-cobalt-strike-beacons
Detect Cobalt Strike beacon network activity using default TLS certificate signatures (serial 8BB00EE), JA3/JA3S/JARM fingerprints, HTTP C2 profile pattern matching, beacon jitter analysis, and named pipe detection via Zeek, Suricata, and Python PCAP analysis.
maintainer
mukul975
Mis à jour 4/6/2026
Étoiles
4240
Forks
464
quick start
Installation and usage
Detect Cobalt Strike beacon network activity using default TLS certificate signatures (serial 8BB00EE), JA3/JA3S/JARM fingerprints, HTTP C2 profile pattern matching, beacon jitter analysis, and named pipe detection via Zeek, Suricata, and Python PCAP analysis.
Installation
$ install --globalskills.sh
Utilisation
Après l'installation, vous pouvez utiliser ce skill en exécutant la commande suivante dans votre terminal :
skills use hunting-for-cobalt-strike-beacons