BOFMask
Beacon masking
A proof-of-concept project demonstrating how to mask Beacon's payload execution in Cobalt Strike while executing a user-provided BOF.
108 stars
2 watching
26 forks
Language: C
last commit: over 1 year ago

Related projects:
Repository | Description | Stars |
---|---|---|
crypt0p3g/bof-collection | A collection of beacon object files designed to be used in a remote access tool like Cobalt Strike. | 170 |
cobalt-strike/unhook-bof | Removes API hooks from a malicious process | 54 |
riccardoancarani/bofs | Utilities for Cobalt Strike's Beacon Object Files to simplify working with shellcode and system processes | 111 |
pwn1sher/cs-bofs | A collection of compiled beacon object files from the CobaltStrike platform. | 99 |
boku7/halosgate-ps | A Cobalt Strike Beacon Object File (BOF) that uses custom syscaller code to make direct system calls to retrieve process information on the target system. | 94 |
cobalt-strike/bof-vs | A Beacon Object File Visual Studio template project for creating malicious code executables | 138 |
b1tg/cobaltstrike-beacon-rust | A Cobalt Strike beacon implementation in Rust for creating malicious network connections | 177 |
guervild/bofs | Beacon object files for Cobalt Strike | 159 |
zu1k/beacon_hook_bypass_memscan | Bypassing memory scanning to evade detection by the Karbenz CASB (Content Awareness Security Platform) security solution | 24 |
burpheart/cs_mock | A tool to simulate a Cobalt Strike beacon connection packet by parsing the payload and extracting RSA public key | 79 |
boku7/injectamsibypass | A tool that bypasses AMSI in a remote process with code injection. | 377 |
3lp4tr0n/beaconhunter | A tool for detecting and responding to potential Cobalt Strike beacons using Event Tracing for Windows (ETW) | 481 |
boku7/spawn | A Cobalt Strike Beacon tool that spawns a sacrificial process to execute shellcode, using techniques like Arbitrary Code Guard and PPID spoofing to evade detection. | 429 |
apr4h/cobaltstrikescan | A tool for detecting and parsing CobaltStrike beacon configuration from files or process memory. | 900 |
binarydefense/beacon-fronting | A command line tool to simulate network beacon patterns and domain fronting for testing detection systems | 65 |