This video tutorial demonstrates how XOR-encrypted and obfuscated malware C2 traffic can be decoded with CyberChef. The analyzed PCAP files can be downloaded from malware-traffic-analysis.net. CyberChef recipe to decode the reverse shell traffic to 103.27.157.146:4444: From_Hex('Auto') XOR({'option'[...]
Read the full writeup in the blog post Decoding malware C2 with CyberChef.
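As an added example (not code from the video or the blog post), the same From_Hex followed by XOR recipe reimplemented in Python so an analyst can decode captured payloads outside CyberChef, plus a crib-based check for recovering an unknown single-byte key. The key 0x5A and the sample shell output are constructed, since the recipe's key is truncated on the page.

```python
"""Decode XOR-obfuscated C2 traffic carved from a PCAP, mirroring the CyberChef
recipe From_Hex('Auto') -> XOR(key). All sample data below is constructed."""
import re
from itertools import cycle

NON_HEX = re.compile(r"[^0-9a-fA-F]")


def from_hex_auto(text: str) -> bytes:
    """Like CyberChef From_Hex('Auto'): drop spaces/delimiters, parse hex pairs."""
    clean = NON_HEX.sub("", text)
    if len(clean) % 2:
        raise ValueError("odd number of hex digits")
    return bytes.fromhex(clean)


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR, the operation CyberChef's XOR step performs."""
    if not key:
        raise ValueError("empty key")
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def decode_c2(hex_payload: str, key: bytes) -> bytes:
    """Full recipe: hex text from the packet payload -> raw bytes -> XOR with key."""
    return xor_bytes(from_hex_auto(hex_payload), key)


def recover_single_byte_key(data: bytes, crib: bytes) -> list:
    """Candidate single-byte keys under which `crib` appears in the decoded stream.
    Useful when the key is unknown but the shell output format is predictable."""
    return [k for k in range(256) if crib in xor_bytes(data, bytes([k]))]


# Constructed sample: typical reverse-shell output, XORed with the constructed key 0x5A
# and hex-encoded the way it would appear in the captured stream.
SAMPLE_KEY = b"\x5a"
SAMPLE_PLAINTEXT = b"uid=0(root) gid=0(root)\n"
SAMPLE_HEX = " ".join(f"{b:02x}" for b in xor_bytes(SAMPLE_PLAINTEXT, SAMPLE_KEY))

if __name__ == "__main__":
    print(decode_c2(SAMPLE_HEX, SAMPLE_KEY))
    print(recover_single_byte_key(from_hex_auto(SAMPLE_HEX), b"uid="))
```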