🎭 BOFMask
BOFMask is a tool designed to conceal Cobalt Strike's Beacon payload while executing a Beacon Object File (BOF). By applying a XOR mask and modifying memory protection settings, BOFMask enables users to execute BOFs without exposing Beacon, thereby avoiding detection by EDR products that scan system memory.
Research:
https://securityintelligence.com/posts/how-to-hide-beacon-during-bof-execution/
Source:
https://github.com/xforcered/bofmask
#cobaltstrike #bof #sleepmask #redteam
BOFMask is a tool designed to conceal Cobalt Strike's Beacon payload while executing a Beacon Object File (BOF). By applying a XOR mask and modifying memory protection settings, BOFMask enables users to execute BOFs without exposing Beacon, thereby avoiding detection by EDR products that scan system memory.
Research:
https://securityintelligence.com/posts/how-to-hide-beacon-during-bof-execution/
Source:
https://github.com/xforcered/bofmask
#cobaltstrike #bof #sleepmask #redteam
Security Intelligence
Your BOFs are gross, put on a mask: How to hide beacon during BOF execution
Explore a simple technique developed to encrypt Cobalt Strike’s Beacon in memory while executing BOFs to prevent a memory scan from detecting Beacon.
❤🔥4
😴 Creating Object File Monstrosities with Sleep Mask and LLVM
The Mutator kit is now part of the Cobalt Strike Arsenal Kit. It allows you to mutate BOFs, sleep masks and more with LLVM.
Read about it on the blog:
🔗 https://www.cobaltstrike.com/blog/introducing-the-mutator-kit-creating-object-file-monstrosities-with-sleep-mask-and-llvm
#c2 #sleepmask #llvm #redteam
The Mutator kit is now part of the Cobalt Strike Arsenal Kit. It allows you to mutate BOFs, sleep masks and more with LLVM.
Read about it on the blog:
🔗 https://www.cobaltstrike.com/blog/introducing-the-mutator-kit-creating-object-file-monstrosities-with-sleep-mask-and-llvm
#c2 #sleepmask #llvm #redteam
👍5