# Blue Team

- [Detecting Cobalt Strike](/codexs-terminal-window/blue-team/detecting-cobalt-strike.md): Stuff that causes Cobalt Strike to be flagged, so we don't accidentally burn ourselves.
- [Sleep Mask Kit IOCs](/codexs-terminal-window/blue-team/detecting-cobalt-strike/sleep-mask-kit-iocs.md): YARA rule included!
- [Hunting Beacon in the heap](/codexs-terminal-window/blue-team/detecting-cobalt-strike/hunting-beacon-in-the-heap.md): WORK IN PROGRESS
- [Decrypting C2 traffic with known key](/codexs-terminal-window/blue-team/detecting-cobalt-strike/decrypting-c2-traffic-with-known-key.md): Reference: https://blog.nviso.eu/2021/10/21/cobalt-strike-using-known-private-keys-to-decrypt-traffic-part-1/