Do you miss @cobaltstrikebot? If so, here's a blog post showing how you can pull Cobalt Strike SpawnTo and watermark info with Shodan and some PowerShell: https://forensicitguy.github.io/squeezing-cobalt-strike-intel-from-shodan/
Tony Lambert
@ForensicITGuy@infosec.exchange
Recovering sysadmin that now chases adversaries instead of uptime. Sr Malware Analyst
@redcanary
November 3, 2022
A fun yearly endeavor for me is contributing to the Red Canary Threat Detection Report, and the 2025 edition is out today! distilled into one report!
Get your free copy of our 2025 Threat Detection Report now. 
https://redcanary.com/threat-detection-report/
