Skip to content
/ CB_process_Inject Public

A simple process injection kit for cobalt strike based on syscalls

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

vgeorgiev90/CB_process_Inject

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
proc_spawn
proc_spawn
 
 
src
src
 
 
README.md
README.md
 
 
build.sh
build.sh
 
 
script_template.cna
script_template.cna
 
 

Repository files navigation

Process Inject Kit

Cobalt Strike 4.5 now supports two new Aggressor Script hooks PROCESS_INJECT_SPAWN and PROCESS_INJECT_EXPLICIT. These hooks allow a user to define how the fork&run and explicit injection techniques are implemented when executing post-exploitation commands instead of using the built-in techniques.

PROCESS_INJECT_SPAWN

Hook to allow users to define how the fork and run process injection technique is implemented when executing post exploitation commands using a Beacon Object File (BOF).

PROCESS_INJECT_EXPLICIT

Hook to allow users to define how the explicit process injection technique is implemented when executing post exploitation commands using a Beacon Object File (BOF).

Load into Cobalt Strike

Open the Scripts manager, Cobalt Strike -> Scripts

Load <output directory>/process_inject/processinject.cna

TODO

  • Fully implement our own process spawn with syscalls

About

A simple process injection kit for cobalt strike based on syscalls

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages