all InfoSec news
Your BOFs Are gross, Put on a Mask: How to Hide Beacon During BOF Execution
Security Intelligence securityintelligence.com
In this post, we’ll review a simple technique that we’ve developed to encrypt Cobalt Strike’s Beacon in memory while executing BOFs to prevent a memory scan from detecting Beacon. Picture this — you’re on a red team engagement and your phish went through, your initial access payload got past EDR, your beacon is now living […]
The post Your BOFs Are gross, Put on a Mask: How to Hide Beacon During BOF Execution appeared first on Security Intelligence.
beacon bof cobalt cobaltstike cobalt strike edr encrypt endpoint detection and response (edr) engagement hide incident response intelligence & analytics memory phish picture this red team red team engagement review scan simple strike team threat hunting threat research x-force