Dissect.cobaltstrike

Latest version: v1.0.0

1.0.0

This release mainly introduces support for parsing and decrypting Cobalt Strike C2 traffic from PCAP files. It also adds Beacon Client support, which allows you to connect to a Cobalt Strike Team Server, receive tasks and send back data the way a real Beacon would.

See also these new tutorials on how to use it:
* [Minimal Beacon Client](https://dissect-cobaltstrike.readthedocs.io/en/latest/tutorials/minimal_beacon_client.html)
* [Decrypt Cobalt Strike PCAPs](https://dissect-cobaltstrike.readthedocs.io/en/latest/tutorials/decrypt_cobaltstrike_pcaps.html)

Many thanks to sud0woodo for laying the groundwork for these features!

What's Changed
* Add new properties to `BeaconConfig`: public_key, port, jitter, sleeptime, submit_uri https://github.com/fox-it/dissect.cobaltstrike/pull/22 https://github.com/fox-it/dissect.cobaltstrike/pull/25
* Add `netbios_encode` and `netbios_decode` functions to utils.py https://github.com/fox-it/dissect.cobaltstrike/pull/23
* Add PE export stamps for Cobalt Strike 4.7 and 4.7.1 https://github.com/fox-it/dissect.cobaltstrike/pull/24
* Add support for beacon client and decrypting traffic from PCAP files https://github.com/fox-it/dissect.cobaltstrike/pull/25
* Move `scripts/artifact.py` to its own `beacon-artifact` CLI tool https://github.com/fox-it/dissect.cobaltstrike/pull/37
* Removed support for Python 3.6 (mainly due to some dependencies not supporting it anymore) https://github.com/fox-it/dissect.cobaltstrike/pull/30
* Introduced new pip `extras` flavours to `setup.py` https://github.com/fox-it/dissect.cobaltstrike/pull/25
  * `dissect.cobaltstrike[c2]` - if you want to communicate with Cobalt Strike Team Servers
  * `dissect.cobaltstrike[pcap]` - if you want to parse and decrypt PCAPs containing Beacon traffic
  * `dissect.cobaltstrike[full]` - all of the above, plus `rich` for prettier log output
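The `netbios_encode` / `netbios_decode` helpers added in this release implement the encoding that Cobalt Strike's Malleable C2 `netbios` and `netbiosu` transforms apply to Beacon metadata before it is sent (for example in a Cookie header). The block below is an added, stand-alone example of that encoding and is not the project's `utils.py` code; the HTTP request it decodes is constructed here, not captured traffic, and `looks_netbios`, `extract_cookie` and `decode_cookie` are example names, not library functions. Each input byte becomes two letters: high nibble, then low nibble, each added to `ord('a')` (netbios) or `ord('A')` (netbiosu), so the alphabet is `a-p` / `A-P`.

```python
# Added example: stand-alone NetBIOS encode/decode as used by Cobalt Strike's
# "netbios" (a-p) and "netbiosu" (A-P) Malleable C2 transforms. Not the
# dissect.cobaltstrike implementation; sample request below is constructed.

NETBIOS_LOWER = ord("a")
NETBIOS_UPPER = ord("A")


def netbios_encode(data: bytes, base: int = NETBIOS_LOWER) -> bytes:
    """Encode raw bytes into the 16-letter NetBIOS alphabet, two letters per byte."""
    out = bytearray()
    for b in data:
        out.append(base + (b >> 4))    # high nibble first
        out.append(base + (b & 0x0F))  # then low nibble
    return bytes(out)


def netbios_decode(data: bytes, base: int = NETBIOS_LOWER) -> bytes:
    """Decode a NetBIOS-encoded string; rejects odd lengths and out-of-alphabet bytes."""
    if len(data) % 2:
        raise ValueError("NetBIOS-encoded data must have an even length")
    out = bytearray()
    for i in range(0, len(data), 2):
        hi, lo = data[i] - base, data[i + 1] - base
        if not (0 <= hi <= 15 and 0 <= lo <= 15):
            raise ValueError(f"byte at offset {i} is outside the NetBIOS alphabet")
        out.append((hi << 4) | lo)
    return bytes(out)


def looks_netbios(data: bytes) -> bool:
    """Cheap triage check: non-empty, even length, and only a-p or only A-P (never mixed)."""
    if not data or len(data) % 2:
        return False
    return all(0x61 <= c <= 0x70 for c in data) or all(0x41 <= c <= 0x50 for c in data)


def extract_cookie(http_request: bytes) -> bytes:
    """Return the raw Cookie header value from an HTTP request, or b'' if absent."""
    for line in http_request.split(b"\r\n"):
        if line.lower().startswith(b"cookie:"):
            return line.split(b":", 1)[1].strip()
    return b""


# Constructed sample request (not captured traffic): the cookie carries
# netbios-encoded bytes, as a profile using the netbios transform would send.
SAMPLE_REQUEST = (
    b"GET /updates HTTP/1.1\r\n"
    b"Host: cdn.example.invalid\r\n"
    b"Cookie: " + netbios_encode(b"\x00\x00\xbe\xef" + b"session") + b"\r\n"
    b"\r\n"
)


def decode_cookie(http_request: bytes = SAMPLE_REQUEST) -> bytes:
    """Pick the alphabet from the first character and decode the cookie value."""
    cookie = extract_cookie(http_request)
    if not looks_netbios(cookie):
        raise ValueError("cookie value is not NetBIOS encoded")
    base = NETBIOS_LOWER if cookie[0] >= 0x61 else NETBIOS_UPPER
    return netbios_decode(cookie, base)


if __name__ == "__main__":
    print(extract_cookie(SAMPLE_REQUEST), "->", decode_cookie())
```

`looks_netbios` is only a triage filter: any even-length run of the letters `a-p` passes it, so treat a hit as a reason to attempt decoding, not as proof of Beacon traffic.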

Documentation
* Updated README.rst with screenshots and text for C2 and PCAP support https://github.com/fox-it/dissect.cobaltstrike/pull/39
* Get rid of `docs/requirements.txt` and use pip method for building readthedocs https://github.com/fox-it/dissect.cobaltstrike/pull/28 https://github.com/fox-it/dissect.cobaltstrike/pull/29
* Added tutorials:
  * [Minimal Beacon Client](https://dissect-cobaltstrike.readthedocs.io/en/latest/tutorials/minimal_beacon_client.html)
  * [Decrypt Cobalt Strike PCAPs](https://dissect-cobaltstrike.readthedocs.io/en/latest/tutorials/decrypt_cobaltstrike_pcaps.html)
* Added `scripts/*.py` to its own [scripts](https://dissect-cobaltstrike.readthedocs.io/en/latest/scripts/index.html) section in the documentation.
* Added new CLI tool documentation:
  * [`beacon-artifact`](https://dissect-cobaltstrike.readthedocs.io/en/latest/tools/beacon-artifact.html) for dumping beacons created with ArtifactKit
  * [`beacon-client`](https://dissect-cobaltstrike.readthedocs.io/en/latest/tools/beacon-client.html) for connecting to a Cobalt Strike Team Server as a beacon client
  * [`beacon-pcap`](https://dissect-cobaltstrike.readthedocs.io/en/latest/tools/beacon-pcap.html) for parsing and decrypting Cobalt Strike C2 traffic in PCAP files

**Full Changelog**: https://github.com/fox-it/dissect.cobaltstrike/compare/v0.2.2...v1.0.0

0.2.2

What's Changed
* Added pe_export_stamp for CS 4.6 DNS Beacon by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/16
* Fixed missing DNS beacon settings in c2profile output (17) by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/18
* Add task_* c2profile settings that were introduced in Cobalt Strike 4.6 by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/20
* Add Cobalt Strike 4.7 settings and version info by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/19
* Add retain_file_offset helper to utils.py by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/21


**Full Changelog**: https://github.com/fox-it/dissect.cobaltstrike/compare/v0.2.1...v0.2.2

0.2.1

What's Changed
* Add PE export timestamps for Cobalt Strike 4.6 by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/13
* Fix small typo in docs by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/14
* Add u64, p64, u64be and p64be packing aliases by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/15


**Full Changelog**: https://github.com/fox-it/dissect.cobaltstrike/compare/v0.2.0...v0.2.1

0.2.0

What's Changed
* Also run unit tests on pypy3 by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/1
* Unbreak black by updating it to 22.3.0 by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/3
* Fixed exception handling in catch_sigpipe by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/2
* Add support for reading from stdin to beacon-dump by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/4
* Improved handling for empty or all zero xorkey buffer in utils.xor by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/5
* Refactor OSError exception handling in catch_sigpipe decorator by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/7
* Apply black --check and --diff options via .pre-commit-config.yaml only by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/8
* Determine Sphinx docs version from `dissect.cobaltstrike._version` by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/6
* Add process exit code to beacon-dump by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/9
* Refactor `pytest.raises` statements to use `match` keyword by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/10
* Add tests for `dissect.cobaltstrike.beacon` main function by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/11
* Update README.rst by yunzheng in https://github.com/fox-it/dissect.cobaltstrike/pull/12
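Two of the changelog entries above describe the same piece of machinery from different sides: the 1.0.0 notes expose `port`, `jitter`, `sleeptime` and `submit_uri` as `BeaconConfig` properties, and the 0.2.0 notes make `utils.xor` treat an empty or all-zero key as a no-op. The block below is an added example, not the project's `BeaconConfig` or `utils.xor`: a stand-alone parser for the XOR-encoded settings block embedded in a Beacon. Its layout assumptions are public knowledge about the Beacon config rather than anything on this page: settings are big-endian TLVs (index u16, type u16, length u16, value), types 1=short, 2=int, 3=data, the block is XOR-encoded with a single byte (0x2e for Cobalt Strike 4.x, 0x69 for 3.x), and a zero index ends the list. The setting indices named in `SETTING_NAMES`, the function names, and the sample beacon bytes are all constructed for the example.

```python
# Added example (not dissect.cobaltstrike code): locate and parse the
# XOR-encoded Beacon settings block. Layout, indices and keys below are
# public knowledge about the Beacon config; the sample beacon is constructed.
import struct

TYPE_SHORT, TYPE_INT, TYPE_DATA = 1, 2, 3
CONFIG_XOR_KEYS = (0x2E, 0x69)          # CS 4.x, CS 3.x
SETTING_NAMES = {
    1: "protocol",     # BeaconType, e.g. 0 = HTTP, 8 = HTTPS
    2: "port",
    3: "sleeptime",    # milliseconds
    5: "jitter",       # percent
    7: "public_key",   # DER RSA public key in a fixed-size buffer
    8: "c2_server",    # "host,/get-uri", null-padded to 256 bytes
    10: "submit_uri",  # HTTP POST URI, null-padded to 256 bytes
}
STRING_SETTINGS = {8, 10}


def xor(data: bytes, key: bytes) -> bytes:
    """XOR with a repeating key; an empty or all-zero key leaves data untouched."""
    if not key or not any(key):
        return bytes(data)
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def build_setting(index: int, stype: int, value) -> bytes:
    """Serialise one TLV setting (only used to construct the sample beacon)."""
    if stype == TYPE_SHORT:
        payload = struct.pack(">H", value)
    elif stype == TYPE_INT:
        payload = struct.pack(">I", value)
    else:
        payload = value
    return struct.pack(">HHH", index, stype, len(payload)) + payload


def parse_settings(decoded: bytes) -> dict:
    """Walk already-decoded TLVs until the zero-index terminator or end of buffer."""
    settings, offset = {}, 0
    while offset + 6 <= len(decoded):
        index, stype, length = struct.unpack_from(">HHH", decoded, offset)
        offset += 6
        if index == 0:
            break
        raw = decoded[offset:offset + length]
        if len(raw) != length:
            raise ValueError(f"setting {index} is truncated")
        offset += length
        if stype == TYPE_SHORT:
            value = struct.unpack(">H", raw)[0]
        elif stype == TYPE_INT:
            value = struct.unpack(">I", raw)[0]
        elif stype == TYPE_DATA:
            value = raw.rstrip(b"\x00").decode("latin-1") if index in STRING_SETTINGS else raw
        else:
            raise ValueError(f"setting {index} has unknown type {stype}")
        settings[SETTING_NAMES.get(index, index)] = value
    return settings


def find_config(data: bytes, keys=CONFIG_XOR_KEYS):
    """Find the config by its encoded first header (index 1, type short, length 2):
    bytes 2e2f2e2f2e2c under key 0x2e, 6968696869 6b under key 0x69.
    Returns (key, settings) or (None, {}) when no config is present."""
    for key in keys:
        marker = xor(struct.pack(">HHH", 1, TYPE_SHORT, 2), bytes([key]))
        pos = data.find(marker)
        if pos != -1:
            return key, parse_settings(xor(data[pos:], bytes([key])))
    return None, {}


def make_sample_beacon(key: int = 0x2E) -> bytes:
    """Constructed stand-in for a beacon: junk prefix, encoded config, zero terminator."""
    config = (
        build_setting(1, TYPE_SHORT, 8)            # HTTPS
        + build_setting(2, TYPE_SHORT, 443)
        + build_setting(3, TYPE_INT, 60000)        # 60 s sleep
        + build_setting(5, TYPE_SHORT, 37)         # 37 % jitter
        + build_setting(8, TYPE_DATA, b"cdn.example.invalid,/updates".ljust(256, b"\x00"))
        + build_setting(10, TYPE_DATA, b"/submit.php".ljust(256, b"\x00"))
        + bytes(16)                                # index 0: end of config
    )
    return b"MZ\x90\x00" + b"\x41" * 64 + xor(config, bytes([key]))


if __name__ == "__main__":
    key, settings = find_config(make_sample_beacon())
    print(hex(key), settings)
```

The marker search is the same trick many config extractors rely on: because the first setting header is constant, its XOR-encoded form (`2e 2f 2e 2f 2e 2c` or `69 68 69 68 69 6b`) is a stable byte signature, and `xor` is applied to the remainder only after the key has been confirmed that way. The no-op rule for an empty or all-zero key matters here because a zero key would otherwise silently "decode" arbitrary bytes into themselves and produce a plausible-looking but meaningless settings dictionary.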

New Contributors
* yunzheng made their first contribution in https://github.com/fox-it/dissect.cobaltstrike/pull/1

**Full Changelog**: https://github.com/fox-it/dissect.cobaltstrike/compare/v0.1.0...v0.2.0

0.1.0

Initial Release

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.