Cobaltstrike

This brief outlines detection strategies for default Cobalt Strike PowerShell beacons, which are used for command and control, by identifying specific function and variable names within PowerShell script block logs.

This brief details a detection for a PowerShell loader pattern commonly used with Cobalt Strike to decompress and execute payloads, often observed in scripted web delivery attacks.