ScreenshotBOF

An alternative screenshot capability for Cobalt Strike that uses WinAPI and does not perform a fork & run. The screenshot was downloaded in memory.

Why did I make this?

Cobalt Strike uses a technique known as fork & run for many of its post-ex capabilities, including the screenshot command. While this behavior provides stability, it is now well-known and heavily monitored. This BOF is meant to provide a more OPSEC-safe version of the screenshot capability.

Self Compilation

1. git clone the repo: git clone
2. open the solution in Visual Studio
3. Build project BOF

Save methods:

- drop file to disk
- download file over beacon (Cobalt Strike only)