Drop a memory dump or Volatility strings export · Cobalt Strike beacon strings and config markers · Meterpreter and Empire heuristics · sleep/jitter C2 extraction · runs locally
memory / strings
CS beacon strings · XOR config keys 0x69/0x2e · sleep/jitter/useragent markers