This repository is meant to host the core files needed to create a Beacon Object File for use with Cobalt Strike

BOF Template

This repository is meant to host the core files needed to create a Beacon Object File for use with Cobalt Strike.

A Beacon Object File (BOF) is a compiled C program, written to a convention that allows it to execute within a Beacon process and use internal Beacon APIs. BOFs are a way to rapidly extend the Beacon agent with new post-exploitation features.

beacon.h

beacon.h contains definitions for several internal Beacon APIs. The function go is similar to main in any other C program. It's the function that's called by inline-execute and arguments are passed to it. BeaconOutput is an internal Beacon API to send output to the operator.

BOF Documentation

Community developed BOFs

Similar Resources

Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.

Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.

Cobalt Strike BOF - Inject AMSI Bypass Cobalt Strike Beacon Object File (BOF) that bypasses AMSI in a remote process with code injection. Running inje

Nov 15, 2022

Free,Open-Source,Cross-platform agent and Post-exploiton tool written in Golang and C++, the architecture and usage like Cobalt Strike

Free,Open-Source,Cross-platform agent and Post-exploiton tool written in Golang and C++, the architecture and usage like Cobalt Strike

Khepri Free,Open-Source,Cross-platform agent and Post-exploiton tool written in Golang and C++ Description Khepri is a Cross-platform agent, the archi

Nov 20, 2022

Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes

Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes

HalosGate Processlist Cobalt Strike BOF Cobalt Strike Beacon Object File (BOF) that uses a custom HalosGate & HellsGate syscaller, written in assembly

Nov 9, 2022

Collection of BOFs for Cobalt Strike

Collection of BOFs for Cobalt Strike

Jul 27, 2022

Cobalt Strike User-Defined Reflective Loader written in Assembly & C for advanced evasion capabilities.

Cobalt Strike User-Defined Reflective Loader written in Assembly & C for advanced evasion capabilities.

Cobalt Strike User-Defined Reflective Loader Cobalt Strike User-Defined Reflective Loader written in Assembly & C for advanced evasion capabilities. B

Nov 23, 2022

EVA3: using hellsgate in EVA to get the syscalls [tested with cobalt strike 4.3]

 EVA3: using hellsgate in EVA to get the syscalls [tested with cobalt strike 4.3]

EVA3: using hellsgate in EVA to get the syscalls [tested with cobalt strike 4.3] note that i dont claim that the idea is mine, this repo is probably

Oct 29, 2022

Undetectable Loader for Cobalt Strike Using Syscalls And A External Shellcode

Hellsgate Undetectable Loader for Cobalt Strike Using Syscalls And A External Shellcode Features: Using Syscalls from Hellsgate tech loading the shell

Nov 5, 2021

Cobalt Strike is a commercial, full-featured, remote access tool that bills itself as "adversary simulation software designed to execute targeted attacks and emulate the post-exploitation actions of advanced threat actors".

 	Cobalt Strike is a commercial, full-featured, remote access tool that bills itself as

COBALT STRIKE 4.4 Cobalt Strike is a commercial, full-featured, remote access tool that bills itself as "adversary simulation software designed to exe

Aug 21, 2022

Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions

Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions

xPipe Cobalt Strike BOF (x64) Cobalt Strike Beacon Object File (BOF) to list active Pipes & return their Owner & Discretionary Access Control List (DA

Nov 9, 2022
Comments
  • Updates related to the Cobalt Strike 4.6 release

    Updates related to the Cobalt Strike 4.6 release

    Made the following updates:

    • Added a link to this repository in the beacon.h
    • Updates to the testBeaconFormat.c file
    • Show an example where BeaconFormatToString now accepts a NULL if the length of the string is not needed. Fixed in CS version 4.6
Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL's.
Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL's.

Cobalt Strike "Where Am I?" Beacon Object File Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environmen

Nov 30, 2022
Cobalt Strike beacon object file implementation for trusted path UAC bypass. The target executable will be called without involving
Cobalt Strike beacon object file implementation for trusted path UAC bypass. The target executable will be called without involving

Beacon object file implementation for trusted path UAC bypass. The target executable will be called without involving "cmd.exe" by using DCOM object.

Nov 9, 2022
CredBandit - Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel

CredBandit CredBandit is a proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process a

Nov 22, 2022
Nov 19, 2022
A Visual Studio template used to create Cobalt Strike BOFs
A Visual Studio template used to create Cobalt Strike BOFs

Introduction Cobalt Strike beacon object files (BOFs) is a feature that added to the beacon in order to allow rapid beacon extendibility in a more OPS

Nov 26, 2022
Load and execute COFF files and Cobalt Strike BOFs in-memory

COFFLoader2 This repo contains the source code of a Common Object File Format (COFF) loader, which is a rewrite of the research and implementation don

Nov 25, 2022
Collection of Beacon Object Files

Beacon Object Files Name Syntax ETW Patching etw stop / etw start API Function Utility read_function / check_function / patch_function <dll_path> <fun

Nov 24, 2022
Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR

Detect-Hooks Detect-Hooks is a proof of concept Beacon Object File (BOF) that attempts to detect userland API hooks in place by AV/EDR. The BOF will r

Nov 19, 2022
A Beacon Object File that creates a minidump of the LSASS process.
A Beacon Object File that creates a minidump of the LSASS process.

NanoDump A Beacon Object File that creates a minidump of the LSASS process. Features It uses syscalls (with SysWhispers2) for most operations You can

Nov 24, 2022
Beacon Object File allowing creation of Beacons in different sessions.
Beacon Object File allowing creation of Beacons in different sessions.

JumpSession_BOF This is a Beacon Object File allowing creation of Beacons in different sessions. Must be Elevated. This BOF was created on the heels o

Nov 18, 2022