Cobalt Strike - Bypassing C2 Network Detections

This blog post demonstrates how to evade network-based detections for Cobalt Strike beacons by using the C2 Concealer tool to generate custom Malleable C2 profiles (including certificate choices) and shows a brief test where a custom profile allowed a C2 connection to bypass Symantec Endpoint Protection that blocked the default profile.