# Bypassing the CS Detection Tool CobaltStrikeScan

This is a tool that scans processes to detect CS Beacon and can also parse the C2 configuration.

<https://github.com/Apr4h/CobaltStrikeScan>

![](https://3226329500-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MDZyrMxFR2BnFjV82cS%2F-MM4rfbSjMQxOuqeNHrz%2F-MM5ArzBEnGgaqInDJMk%2Fimage.png?alt=media\&token=8d8b424d-bf82-459d-8c5f-1f32ae559ab1)

However, it is actually very easy to bypass: turning on the cleanup option in your C2 profile with `set cleanup "true";` is enough to evade it.

![](https://3226329500-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MDZyrMxFR2BnFjV82cS%2F-MM5B-H6TJpx9Q-5aK6E%2F-MM5BYYHiBN78KdnyEK8%2Fimage.png?alt=media\&token=11742661-9404-45f6-a658-176d23bb7704)
