all InfoSec news
RDPHijack-BOF - Cobalt Strike Beacon Object File (BOF) That Uses WinStationConnect API To Perform Local/Remote RDP Session Hijacking
Nov. 9, 2022, 11:45 a.m. | noreply@blogger.com (Unknown)
KitPloit - PenTest Tools! www.kitploit.com
Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking. With a valid access token / kerberos ticket (e.g., golden ticket) of the session owner, you will be able to hijack the session remotely without dropping any beacon/tool on the target server.
To enumerate sessions locally/remotely, you could use Quser-BOF.
Usage
Usage: bof-rdphijack [your console session id] [target session id to hijack] [password|server] [argument]
Command Description
-------- -----------
password Specifies the password of …
access token api beacon cobalt cobalt strike hijacking kerberos local object rdp session strike
More from www.kitploit.com / KitPloit - PenTest Tools!
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Information Security Engineers
@ D. E. Shaw Research | New York City
Cybersecurity Consultant- Governance, Risk, and Compliance team
@ EY | Tel Aviv, IL, 6706703
Professional Services Consultant
@ Zscaler | Escazú, Costa Rica
IT Security Analyst
@ Briggs & Stratton | Wauwatosa, WI, US, 53222
Cloud DevSecOps Engineer - Team Lead
@ Motorola Solutions | Krakow, Poland