This video shows how Cobalt Strike and Hancitor C2 traffic can be detected using CapLoader. Your browser does not support the video tag. I bet you're going: ๐ฑ OMG he's analyzing Windows malware on a Windows PC!!! Relax, I know what I'm doing. I have also taken the precaution of analyzing the PCAP f[...]
Read the full writeup in the blog post Detecting Cobalt Strike and Hancitor traffic in PCAP