When I was active in the red teaming space, one of my stated goals was to act on problems with solutions that would have utility 5-10 years from the time of their release. This long-term thinking w…
Intro

This is a blog post written for a project I recently released. The source code for it can be found here on GitHub.

Background

The design of Cobalt Strike's Beacon Object Files is rather unique when compared to other runtime code execution implementations. These are small programs compiled into COFF object files, which are loaded and executed by a COFF loader. Another addition that Beacon Object Files make is the concept of dynamic function resolution, or DFR, which allows the COFF to invoke functions from external DLLs.
Linker for Beacon Object Files. MEhrn00/boflink on GitHub.
Windows self-delete on 24H2 (@TKYNSEC), DNS rebinding (@yarlob), VSCode backdoor (@d1rkmtr), leak Google users' 📞# (@brutecat), Entra sync dumping (@hotnops), Delegations (@podalirius_), Chrome abuse for screenshots, mic, and camera access (@mrd0x), and more!