You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+3-1Lines changed: 3 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -8,7 +8,7 @@ BeaconEye scans running processes for active CobaltStrike beacons. When process
8
8
9
9
## How it works
10
10
11
-
BeaconEye attaches itself as a debugger to each process and will begin monitoring beacon activity for C2 traffic (HTTP/HTTPS beacons supported currently).
11
+
If a suspected CobaltStrike beacon is found through scanning running processes, BeaconEye attaches itself as a debugger and will begin monitoring beacon activity for C2 traffic (HTTP/HTTPS beacons supported currently).
12
12
13
13
The AES keys used for encrypting C2 data and mallable profile are decoded on the fly, which enables BeaconEye to extract and decrypt beacon's output when commands are sent via the operator.
14
14
@@ -38,6 +38,8 @@ BeaconEye should be considered **ALPHA**, I'm keen to get feedback on 4.x beacon
38
38
*~~Add command line argument for targeting specific processes~~
39
39
* Add command line argument to specify output logging location
0 commit comments