- This is a `Cobalt Strike` `BOF` file (a mildly massaged port of @N4k3dTurtl3's existing PoC), meant to ascertain information regarding imported `DLLs` (via the `ENTRY_RESOURCE`) within the current process that your beacon is associated with.
- Given my current projects regarding `DLLs`, this is yet another blindspot I wanted to address after seeing @N4k3dTurtl3's work.
- I wanted to support both `32-bit` AND `64-bit` `Beacon` sessions.
- I wanted to have verbose or minified output, given an operator's desire.
- I wanted to keep @N4k3dTurtl3's original design intact; minimal API calls.
  - This is solved by rolling our own from `grok`ed or `cribbed` implementations elsewhere.
- In this case, you have two options:
  - Use the existing, compiled object file, located in the `dist` directory (AKA proceed to major step two)
  - Compile from source via the `Makefile`
    - `cd src`
    - `make clean`
    - `make`
- Load the `Aggressor` file, in the `Script Manager`, located in the `dist` directory
- We're still using the `Win32` API and `Dynamic Function Resolution`. This is for you to determine as far as "risk", though this is limited to a single comparison function (`stricmp`).
- You may attempt to incur a privileged action without sufficient requisite permissions. I can't keep you from burning your hand.