The Sleep Mask Kit
The Sleep Mask Kit is the source code for the sleep mask function that is executed to obfuscate Beacon, in memory, prior to sleeping. This obfuscation technique may be used to identify Beacon. To defeat this detection, Cobalt Strike provids an aggressor script that allows the user to modify how the sleep mask function looks in memory. With the 4.5 release a list of heap records to mask and unmask is included. Go to Help -> Arsenal to download the Arsenal Kit which includes the Sleep Mask Kit. Your license key is required.
For more information on the Sleep Mask Kit see the arsenal-kit/README.md and arsenal-kit/kits/sleepmask/README.md files.