Patent · US Active

Probing for Cobalt Strike teamserver detection

US12294609B2 · kind B2 · utility

Cited by: 0
References: 4
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: Jul 29, 2022
Grant date: May 6, 2025
Priority date
Expiry date: Aug 21, 2042

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1416
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Techniques for probing for Cobalt Strike TeamServer detection are disclosed. In some embodiments, a system/process/computer program product for probing for Cobalt Strike TeamServer detection includes monitoring HyperText Transfer Protocol (HTTP), HTTPS, and/or Domain Name System (DNS) network traffic at a firewall; prefiltering the monitored HTTP, HTTPS, and/or DNS network traffic at the firewall to select a subset of the HTTP, HTTPS, and/or DNS network traffic to forward to a cloud security service; performing HTTP, HTTPS, and/or DNS probing of a target to detect whether the target is a Cobalt Strike TeamServer; and performing an action in response to detecting that the target is the Cobalt Strike TeamServer.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.