spawn

Process spawner

A Cobalt Strike Beacon tool that spawns a sacrificial process to execute shellcode, using techniques like Arbitrary Code Guard and PPID spoofing to evade detection.

Cobalt Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes the payload. Built to evade EDR/userland hooks by spawning the sacrificial process with Arbitrary Code Guard (ACG), BlockDll, and PPID spoofing.

429 stars
13 watching
69 forks
Language: C
Last commit: over 1 year ago

Related projects:

| Repository | Description | Stars |
|---|---|---|
| boku7/halosgate-ps | A Cobalt Strike Beacon Object File (BOF) that uses custom syscaller code to make direct system calls to retrieve process information on the target system. | 94 |
| cobalt-strike/unhook-bof | Removes API hooks from a malicious process | 54 |
| boku7/hollow | A tool that enables remote process shellcode execution using the Early Bird injection technique | 266 |
| airbus-cert/invoke-bof | Loads and executes a malicious payload in a Windows system using PowerShell. | 246 |
| cobalt-strike/bof-vs | A Beacon Object File Visual Studio template project for creating malicious code executables | 138 |
| boku7/injectamsibypass | A tool that bypasses AMSI in a remote process with code injection. | 377 |
| boku7/injectetwbypass | Tool to bypass ETW (Event Tracing for Windows) security measure in remote processes by injecting a custom syscall | 277 |
| riccardoancarani/bofs | Utilities for Cobalt Strike's Beacon Object Files to simplify working with shellcode and system processes | 111 |
| outflanknl/findobjects-bof | An exploit tool that uses direct system calls to enumerate processes based on specific loaded modules or process handles | 266 |
| b1tg/cobaltstrike-beacon-rust | A Cobalt Strike beacon implementation in Rust for creating malicious network connections | 177 |
| octoberfest7/dropspawn_bof | A CobaltStrike payload that uses DLL hijacking to spawn additional Beacons on Windows systems | 216 |
| burpheart/cs_mock | A tool to simulate a Cobalt Strike beacon connection packet by parsing the payload and extracting RSA public key | 79 |
| nvisosecurity/cobaltwhispers | An aggressor script that allows Cobalt Strike to perform process injection and persistence by leveraging direct syscalls to bypass EDR/AV systems. | 227 |
| guervild/bofs | Beacon object files for Cobalt Strike | 159 |
| cobalt-strike/callstackmasker | A proof-of-concept technique for dynamically spoofing an application's call stack using timers. | 250 |