tomcarver16/BOF-DLL-Inject tomcarver16/BOF-DLL-Inject

  • Stars
    star
    145
  • Rank 252,946 (Top 6 %)
  • Language
    C
  • Created about 4 years ago
  • Updated about 4 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
tomcarver16/BOF-DLL-Inject
github

tomcarver16

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Manual Map DLL injection implemented with Cobalt Strike's Beacon Object Files.

BOF-DLL-Inject

BOF DLL Inject is a custom Beacon Object File that uses manual map DLL injection in order to migrate a dll into a process all from memory.

Advantages

  • Less likely to be signatured
  • DLL payload stays in memory and never touches disk
  • Additional functionality is easy to implement
  • DLL isn't registered as a module including the EPROCESS structure in kernel land

Notes

To see how I developed this tool and further information on it see my blog post

Cobalt Strike BOF Executing

More Repositories

1

ADSearch

A tool to help query AD via the LDAP protocol
C#
438
star
2

AmsiHook

AmsiHook is a project I created to figure out a bypass to AMSI via function hooking.
C++
62
star
3

Athena

An injector that aims to be stealthy by using non suspicious API calls. Inspired by (https://github.com/FuzzySecurity/Sharp-Suite/tree/master/UrbanBishop)
C++
22
star
4

SimpleInjector

A simple injector that uses LoadLibraryA
C++
15
star
5

APC-Injector

A simple POC to demonstrate how APC injection can be carried out with the windows API
C++
4
star
6

Keylogger

A C++ Keylogger that utilises SetWindowsHookEx()
C++
3
star
7

Bootloader

I've created a bootloader as I wanted to better understand how underlying operating systems work.
Assembly
1
star
8

pentesting-scripts

Any scripts I create to speed up a security assessment.
Shell
1
star