
This BOF Development & Tradecraft course, created by Alex Reid and Zero-Point Security, teaches how to write and unit test Beacon Object Files (BOFs) for use in Cobalt Strike and other C2 frameworks.
Training Content
1. Getting Started
- Welcome
- Author’s Note
- Software Requirements
- Windows Environment Setup
- Linux Environment Setup
- Resources
2. Introduction to BOF Development
- Background and Basics
- Windows API
- COFFLoader
- BOF Development on Linux
- BOF Development on Windows
- Aggressor Scripting
3. Practical 1: Ransomware Simulator
- Introduction
- Initial Setup
- Finding the Desktop folder
- Code Download
- Changing the Wallpaper and Leaving the Ransom Note
- Code Download
- Renaming Files
- Code Download
- Aggressor Script
- Code Download
- Closing
4. Practical 2: Iscsipl.exe UAC Bypass
- Introduction
- Initial Setup
- Code Review, Testing, and Analysis
- Initial Port of Code
- Code Download
- Replacing Resource Functionality
- Code Download
- Offensive Tradecraft
- Code Download
- Code Cleanup
- Code Download
- Aggressor Script
- Code Download
- Closing
- Resources
5. Practical 3: TGT Auto-Harvester
- Introduction
- Initial Setup
- Introduction to Stardust
- Calling Beacon APIs from Stardust
- Code Download
- Integrating Stardust into the BOF
- Code Download
- Monitoring for New Logins
- Code Download
- Dumping TGTs Automagically
- Code Download
- Patching BOF Arguments
- Code Download
- Teardown and Cleanup
- Code Download
- Aggressor Script
- Code Download
- Dancing with Sleep Mask
- Code Download
- Closing
- Resources
6. Update 1: BOFPatcher
- Background
- Design Process
- Code Download
7. Course Completion
- Course Evaluation (3 questions)
- Certificate of Course Completion
PRODUCT SUMMARY
Key Features
- Author: Alex Reid
- Level: Registered
- Study time: 5 hours
