Dissect.cobaltstrike

Latest version: v1.2.0


1.2.0

This release mainly fixes compatibility with `dissect.cstruct` v4 and drops support for end-of-life Python versions; the minimum requirement is now Python 3.9.

Python packages are now also automatically uploaded to pypi.org, including the dev packages from the main branch.
This means you can now install the latest development version using the `--pre` flag:

```shell
$ pip install --pre dissect.cobaltstrike
```

What's Changed
* Pin sphinx_rtd_theme>=2.0 to fix readthedocs by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/57
* Update minimal Python requirement to 3.9 by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/58
* Compatibility with cstruct v4 by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/56
* Update GitHub Actions to use latest versions by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/59
* Update pre-commit checks to latest versions by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/60
* Migrate setuptools to full pyproject.toml only by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/61
* Switch GitHub workflow to dissect-ci.yml by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/62


**Full Changelog**: https://github.com/fox-it/dissect.cobaltstrike/compare/v1.1.0...v1.2.0

1.1.0

What's Changed
* Add `codespell` to `.pre-commit-config.yaml` and fixed typos by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/41
* Update git repo for flake8 by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/43
* Add Cobalt Strike 4.8 version detection by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/44
* Decode SETTING_DOMAINS using latin-1 instead of ascii codec by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/45
* Print beacon version information when running `beacon-dump -v` by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/46
* Improve support for Cobalt Strike v4.7 and v4.8 by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/47
* Updates to C2 and Client Code to better handle certain beacon configs by drb-ra in https://github.com/fox-it/dissect.cobaltstrike/pull/48
* Speed up finding non standard beacon XOR keys by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/49
* Switch to `ruff` linter by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/50
* Fix `tox -e build` by pinning Python version by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/51
* Pin dissect.cstruct < 4.0 for now by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/54

New Contributors
* drb-ra made their first contribution in https://github.com/fox-it/dissect.cobaltstrike/pull/48

**Full Changelog**: https://github.com/fox-it/dissect.cobaltstrike/compare/v1.0.0...v1.1.0

1.0.0

This release mainly introduces support for parsing and decrypting Cobalt Strike C2 traffic from PCAP files. It also adds Beacon Client support, which allows you to connect to a Cobalt Strike Team Server, receive tasks and send back data like a real Beacon.

See also these new tutorials on how to use it:
* [Minimal Beacon Client](https://dissect-cobaltstrike.readthedocs.io/en/latest/tutorials/minimal_beacon_client.html)
* [Decrypt Cobalt Strike PCAPs](https://dissect-cobaltstrike.readthedocs.io/en/latest/tutorials/decrypt_cobaltstrike_pcaps.html)

Many thanks to sud0woodo for laying the groundwork for these features!

What's Changed
* Add new properties to `BeaconConfig`: public_key, port, jitter, sleeptime, submit_uri https://github.com/fox-it/dissect.cobaltstrike/pull/22 https://github.com/fox-it/dissect.cobaltstrike/pull/25
* Add `netbios_encode` and `netbios_decode` functions to utils.py https://github.com/fox-it/dissect.cobaltstrike/pull/23
* Add PE export stamps for Cobalt Strike 4.7 and 4.7.1 https://github.com/fox-it/dissect.cobaltstrike/pull/24
* Add support for beacon client and decrypting traffic from PCAP files https://github.com/fox-it/dissect.cobaltstrike/pull/25
* Move `scripts/artifact.py` to its own `beacon-artifact` CLI tool https://github.com/fox-it/dissect.cobaltstrike/pull/37
* Removed support for Python 3.6 (mainly due to some dependencies not supporting it anymore) https://github.com/fox-it/dissect.cobaltstrike/pull/30
* Introduced new pip `extras` flavours to `setup.py` https://github.com/fox-it/dissect.cobaltstrike/pull/25
  * `dissect.cobaltstrike[c2]` - for if you want to communicate with Cobalt Strike Team Servers
  * `dissect.cobaltstrike[pcap]` - for if you want to parse and decrypt PCAPs containing Beacon traffic
  * `dissect.cobaltstrike[full]` - all of the above but also installs `rich` for prettier log output

Documentation
* Updated README.rst with screenshots and text for C2 and PCAP support https://github.com/fox-it/dissect.cobaltstrike/pull/39
* Get rid of `docs/requirements.txt` and use pip method for building readthedocs https://github.com/fox-it/dissect.cobaltstrike/pull/28 https://github.com/fox-it/dissect.cobaltstrike/pull/29
* Added tutorials:
  * [Minimal Beacon Client](https://dissect-cobaltstrike.readthedocs.io/en/latest/tutorials/minimal_beacon_client.html)
  * [Decrypt Cobalt Strike PCAPs](https://dissect-cobaltstrike.readthedocs.io/en/latest/tutorials/decrypt_cobaltstrike_pcaps.html)
* Added `scripts/*.py` to its own [scripts](https://dissect-cobaltstrike.readthedocs.io/en/latest/scripts/index.html) section in documentation.
* Added new CLI tool documentation:
  * [`beacon-artifact`](https://dissect-cobaltstrike.readthedocs.io/en/latest/tools/beacon-artifact.html) for dumping beacons created with ArtifactKit
  * [`beacon-client`](https://dissect-cobaltstrike.readthedocs.io/en/latest/tools/beacon-client.html) for connecting to a Cobalt Strike Team Server as a beacon client
  * [`beacon-pcap`](https://dissect-cobaltstrike.readthedocs.io/en/latest/tools/beacon-pcap.html) for parsing and decrypting Cobalt Strike C2 traffic in PCAP files

**Full Changelog**: https://github.com/fox-it/dissect.cobaltstrike/compare/v0.2.2...v1.0.0

0.2.2

What's Changed
* Added pe_export_stamp for CS 4.6 DNS Beacon by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/16
* Fixed missing DNS beacon settings in c2profile output (17) by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/18
* Add task_* c2profile settings that were introduced in Cobalt Strike 4.6 by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/20
* Add Cobalt Strike 4.7 settings and version info by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/19
* Add retain_file_offset helper to utils.py by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/21


**Full Changelog**: https://github.com/fox-it/dissect.cobaltstrike/compare/v0.2.1...v0.2.2

0.2.1

What's Changed
* Add PE export timestamps for Cobalt Strike 4.6 by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/13
* Fix small typo in docs by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/14
* Add u64, p64, u64be and p64be packing aliases by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/15


**Full Changelog**: https://github.com/fox-it/dissect.cobaltstrike/compare/v0.2.0...v0.2.1

0.2.0

What's Changed
* Also run unit tests on pypy3 by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/1
* Unbreak black by updating it to 22.3.0 by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/3
* Fixed exception handling in catch_sigpipe by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/2
* Add support for reading from stdin to beacon-dump by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/4
* Improved handling for empty or all zero xorkey buffer in utils.xor by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/5
* Refactor OSError exception handling in catch_sigpipe decorator by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/7
* Apply black --check and --diff options via .pre-commit-config.yaml only by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/8
* Determine Sphinx docs version from `dissect.cobaltstrike._version` by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/6
* Add process exit code to beacon-dump by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/9
* Refactor `pytest.raises` statements to use `match` keyword by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/10
* Add tests for `dissect.cobaltstrike.beacon` main function by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/11
* Update README.rst by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/12

New Contributors
* yunzheng made their first contribution in https://github.com/fox-it/dissect.cobaltstrike/pull/1

**Full Changelog**: https://github.com/fox-it/dissect.cobaltstrike/compare/v0.1.0...v0.2.0

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.