[Repost] Malware Unpacking With Hardware Breakpoints - Cobalt Strike Shellcode Loader
Posted: 2023-11-27 06:08 1967
Malware Unpacking With Hardware Breakpoints - Cobalt Strike Shellcode Loader
In previous posts here and here, we explored methods for extracting Cobalt Strike shellcode from script-based malware.
In this post, we'll explore a more complex situation where Cobalt Strike shellcode is loaded by a compiled executable (.exe) file. This will require the use of a debugger (x64dbg) in conjunction with static analysis (Ghidra) in order to perform a complete analysis.
https://embee-research.ghost.io/unpacking-malware-with-hardware-breakpoints-cobalt-strike/