Cracking the Beacon

Speakers:

- Derek Ditch (GitHub: @dcode)
- Jessica David (GitHub: @jeska)

Malware can be 'fowl'
But we can 'quack' its secrets
With our friend malduck

---

Repos:

• https://github.com/elastic/mwise-2022
• https://github.com/elastic/malware-exquacker
• https://github.com/elastic/malware-exquacker-modules

Slides:

• Cracking the Beacon - David, Ditch

Blog:

• Collecting Cobalt Strike Beacons with the Elastic Stack: This blog details instructions for configuring your Elastic Security Endpoint policies to capture up to 4MB of process memory when malware is detected.