• Stars
    star
    145
  • Rank 254,144 (Top 6 %)
  • Language
    C
  • Created about 4 years ago
  • Updated about 4 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Manual Map DLL injection implemented with Cobalt Strike's Beacon Object Files.

BOF-DLL-Inject

BOF DLL Inject is a custom Beacon Object File that uses manual map DLL injection in order to migrate a dll into a process all from memory.

Advantages

  • Less likely to be signatured
  • DLL payload stays in memory and never touches disk
  • Additional functionality is easy to implement
  • DLL isn't registered as a module including the EPROCESS structure in kernel land

Notes

To see how I developed this tool and further information on it see my blog post

Cobalt Strike BOF Executing