Home Tips & Tricks Cobalt Strike Remote Threads Detection

Cobalt Strike Remote Threads Detection


Olaf Hartong has writted a blog post in which he shows how to use “Create Remote Thread” events to detect process injection which NoPowerShell relies on. NoPowerShell is a tool which can be used to execute certain PowerShell commands from Cobalt Strike without having to use PowerShell itself. Learn about this detection technique at Medium.

Load More Related Articles
Load More In Tips & Tricks

Leave a Reply

Your email address will not be published. Required fields are marked *