# 1768.py
# Parse Cobalt Strike beacon configuration from shellcode or memory dumps
# FOR610 Labs: 3.4 | Sections: 3 | Author: Didier Stevens
# Docs: https://docs.remnux.org/discover-the-tools/examine+static+properties/deobfuscation

% cobalt-strike, beacon, c2-config, didier-stevens

# Basic usage
1768.py shellcode.bin

# --- Recipes (multi-tool chains) ---

# >> Parse Cobalt Strike Beacon Configuration
# Scan with YARA for CS signatures
yara-rules
# Extract beacon configuration
1768.py