Collection of beacon object files for use with Cobalt Strike to facilitate 🐚.

Related tags

JSON BOFs
Overview

Beacon Object Files

Name Syntax
MiniDumpWriteDump minidumpwritedump <PID> <path_of_dmp?>

MiniDumpWriteDump BOF (64-bit only)

Custom implementation of DbgHelp's MiniDumpWriteDump function. Uses static syscalls to replace low-level functions like NtReadVirtualMemory.

Syscalls generated using @jthuraisamy's SysWhispers and @Outflanknl's InlineWhispers.

Code is adapted from ReactOS's implementation of MiniDumpWriteDump at minidump.c.

You might also like...
Cobalt Strike Beacon Object File (BOF) that takes the name of of a PE file as an argument and spawns the process in a suspended state
Cobalt Strike Beacon Object File (BOF) that takes the name of of a PE file as an argument and spawns the process in a suspended state

Beacon Object File (BOF) that spawns an arbitrary process from beacons memory. Supports Parent Process ID (PPID) spoofing & blocking non-MS signed DLLs from loading into the processes memory (some EDR DLLs).

Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL's.
Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL's.

Cobalt Strike "Where Am I?" Beacon Object File Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environmen

Cobalt Strike beacon object file implementation for trusted path UAC bypass. The target executable will be called without involving
Cobalt Strike beacon object file implementation for trusted path UAC bypass. The target executable will be called without involving

Beacon object file implementation for trusted path UAC bypass. The target executable will be called without involving "cmd.exe" by using DCOM object.

CredBandit - Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel

CredBandit CredBandit is a proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process a

Collection of Beacon Object Files

Beacon Object Files Name Syntax ETW Patching etw stop / etw start API Function Utility read_function / check_function / patch_function dll_path fun

Collection of BOFs for Cobalt Strike

Collection of BOFs for Cobalt Strike

Cobalt Strike BOF Files with Nim!
Cobalt Strike BOF Files with Nim!

BOF-Nim oh yeah baby I have an inkling it's possible, right now the problem seems to be getting the go function to be present in the Symbol table. No

Load and execute COFF files and Cobalt Strike BOFs in-memory

COFFLoader2 This repo contains the source code of a Common Object File Format (COFF) loader, which is a rewrite of the research and implementation don

"SaferCPlusPlus" is essentially a collection of safe data types intended to facilitate memory and data race safe C++ programming

A collection of safe data types that are compatible with, and can substitute for, common unsafe native c++ types.

Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.
Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.

Cobalt Strike BOF - Inject AMSI Bypass Cobalt Strike Beacon Object File (BOF) that bypasses AMSI in a remote process with code injection. Running inje

 SPAWN - Cobalt Strike BOF
SPAWN - Cobalt Strike BOF

Cobalt Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG), BlockDll, and PPID spoofing.

Free,Open-Source,Cross-platform agent and Post-exploiton tool written in Golang and C++, the architecture and usage like Cobalt Strike
Free,Open-Source,Cross-platform agent and Post-exploiton tool written in Golang and C++, the architecture and usage like Cobalt Strike

Khepri Free,Open-Source,Cross-platform agent and Post-exploiton tool written in Golang and C++ Description Khepri is a Cross-platform agent, the archi

Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes
Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes

HalosGate Processlist Cobalt Strike BOF Cobalt Strike Beacon Object File (BOF) that uses a custom HalosGate & HellsGate syscaller, written in assembly

Cobalt Strike User-Defined Reflective Loader written in Assembly & C for advanced evasion capabilities.
Cobalt Strike User-Defined Reflective Loader written in Assembly & C for advanced evasion capabilities.

Cobalt Strike User-Defined Reflective Loader Cobalt Strike User-Defined Reflective Loader written in Assembly & C for advanced evasion capabilities. B

Section Mapping Process Injection (secinject): Cobalt Strike BOF

Section Mapping Process Injection (secinject): Cobalt Strike BOF Beacon Object File (BOF) that leverages Native APIs to achieve process injection thro

 EVA3: using hellsgate in EVA to get the syscalls [tested with cobalt strike 4.3]
EVA3: using hellsgate in EVA to get the syscalls [tested with cobalt strike 4.3]

EVA3: using hellsgate in EVA to get the syscalls [tested with cobalt strike 4.3] note that i dont claim that the idea is mine, this repo is probably

Undetectable Loader for Cobalt Strike Using Syscalls And A External Shellcode

Hellsgate Undetectable Loader for Cobalt Strike Using Syscalls And A External Shellcode Features: Using Syscalls from Hellsgate tech loading the shell

 	Cobalt Strike is a commercial, full-featured, remote access tool that bills itself as
Cobalt Strike is a commercial, full-featured, remote access tool that bills itself as "adversary simulation software designed to execute targeted attacks and emulate the post-exploitation actions of advanced threat actors".

COBALT STRIKE 4.4 Cobalt Strike is a commercial, full-featured, remote access tool that bills itself as "adversary simulation software designed to exe

Owner
Luke Roberts
Security Consultant @FSecureLABS | MEng Mathematical Computation, UCL | Interests focused around adversary emulation and macOS.
Luke Roberts
A generator of JSON parser & serializer C++ code from structure header files

JSON-CPP-gen This is a program that parses C++ structures from a header file and automatically generates C++ code capable of serializing said structur

Viktor Chlumský 12 Oct 13, 2022
A C++ library for localization using GNU gettext po files, based on boost spirit

spirit-po spirit-po is a header-only C++11 library that you can use for localization within the GNU gettext system, instead of using libintl. spirit-p

Chris Beck 40 Oct 21, 2022
An easy-to-use and competitively fast JSON parsing library for C++17, forked from Bitcoin Cash Node's own UniValue library.

UniValue JSON Library for C++17 (and above) An easy-to-use and competitively fast JSON parsing library for C++17, forked from Bitcoin Cash Node's own

Calin Culianu 24 Sep 21, 2022
Easy-to-use helpers for TDLib JSON.

easy-tg Easy-to-use helpers for TDLib JSON. Not completely tested yet. Dependencies tdlib json-c Functions Automatically handles authorization state c

Yuuta Liang 3 Nov 19, 2022
An easy to use C++ library for fetching words from Urban Dictionary

Urban++ A simple C++ library for fetching words from Urban Dictionary This README is also the documentation for this library. This is a very simple an

Nishant Mishra 2 Jun 6, 2022
Convert runtime_block_states*.json from steadfast to more simplified format and use on other platforms (e.g. nukkit)

block_state_converter Convert runtime_block_states*.json from steadfast to more simplified format and use on other platforms. Example for Nukkit:

Alex 1 May 12, 2022
Collection of Beacon Object Files (BOF) for Cobalt Strike

Various BOF collection Name Description ChromiumKeyDump BOF implementation of Chlonium tool to dump Chrome/Edge Masterkey and download Cookie/Login Da

Ruslan Sayfiev 138 Jan 3, 2023
This repository is meant to host the core files needed to create a Beacon Object File for use with Cobalt Strike

BOF Template This repository is meant to host the core files needed to create a Beacon Object File for use with Cobalt Strike. A Beacon Object File (B

Cobalt Strike 42 Nov 9, 2022
A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.

FindObjects-BOF A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific modules or process

Outflank B.V. 247 Dec 28, 2022
A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.

WdToggle A Proof of Concept Cobalt Strike Beacon Object File which uses direct system calls to enable WDigest credential caching and circumvent Creden

Outflank B.V. 205 Dec 3, 2022