Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/tomcarver16/BOF-DLL-Inject
Manual Map DLL injection implemented with Cobalt Strike's Beacon Object Files.
https://github.com/tomcarver16/BOF-DLL-Inject
bof cobalt-strike cobaltstrike dll-injection red-teaming redteam
Last synced: 3 months ago
JSON representation
Manual Map DLL injection implemented with Cobalt Strike's Beacon Object Files.
- Host: GitHub
- URL: https://github.com/tomcarver16/BOF-DLL-Inject
- Owner: tomcarver16
- Created: 2020-09-03T23:04:30.000Z (about 4 years ago)
- Default Branch: master
- Last Pushed: 2020-09-03T23:24:31.000Z (about 4 years ago)
- Last Synced: 2024-05-02T18:07:57.639Z (6 months ago)
- Topics: bof, cobalt-strike, cobaltstrike, dll-injection, red-teaming, redteam
- Language: C
- Homepage:
- Size: 19.5 KB
- Stars: 144
- Watchers: 6
- Forks: 22
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - tomcarver16/BOF-DLL-Inject - Manual Map DLL injection implemented with Cobalt Strike's Beacon Object Files. (C)
README
# BOF-DLL-Inject
BOF DLL Inject is a custom [Beacon Object File](https://www.cobaltstrike.com/help-beacon-object-files) that uses manual map
DLL injection in order to migrate a dll into a process all from memory.
## Advantages
- Less likely to be signatured
- DLL payload stays in memory and never touches disk
- Additional functionality is easy to implement
- DLL isn't registered as a module including the EPROCESS structure in kernel land
## Notes
To see how I developed this tool and further information on it see my blog [post](https://x64sec.sh/custom-dll-injection-with-cobalt-strike/)
