description: The following analytic identifies the use of named-pipe impersonation for privilege escalation, commonly associated with Cobalt Strike and similar frameworks. It detects command-line ...
backscrub is licensed under the Apache License 2.0. See LICENSE file for details. Deprecated: Another option to build everything is to run make in the root directory of the repository. While this will ...
I'd like to thank my coauthors Adrian Schipor and Martin Zugec for their invaluable contributions to this research. TL;DR This investigation, conducted with support from the Georgian CERT functioning ...