Standalone command line interface for launching BOF files outside of Cobalt Strike Beacon environment. Under the hood it uses our bof-launcher library to accomplish its main task: running BOFs files on Windows (x86, x64) and Linux/UNIX (x86, x64, ARM, AARCH64) platforms directly from a filesystem.
bof-launcher is an open-source library for loading, relocating and launching BOFs on Windows and UNIX/Linux systems. It's an alternative to Trustedsec's COFFLoader and ELFLoader with some very interesting features:
* Fully compatibile with Cobalt Strike's Beacon. Can compile and run every BOF available at Cobalt Strike Community Kit and every other open-source BOF that adheres to generic BOF template.
* Distributed as a fully standalone library with zero dependency (it does not even use libc).
* Fully integrable with programs written in C/C++ and/or Zig progamming languages.
* Adds capability to write BOFs in Zig programming language - which is a low-level langauge with a goal of being a "better C". All the features of the language and rich standard library can be used in BOFs (hash maps and other data structures, cross-platform OS layer, http, networking, threading, crypto and more).
* Asynchronous BOF execution - capability to launch more time-consuming BOFs in a separate thread.
* BOF process injection - capability to launch more risky BOFs (i.e. privilege escalation exploits) by injecting it to a new process.
* Seamless support for both Windows COFF and UNIX/Linux ELF formats.
* ARM and AARCH64 support on Linux.
* Used in our cli4bofs tool that allows for running BOF files directly from a filesystem.
* Very flexible and efficient API allowing for so called BOF chaining.
1 comment
[ 2.9 ms ] story [ 13.0 ms ] threadbof-launcher is an open-source library for loading, relocating and launching BOFs on Windows and UNIX/Linux systems. It's an alternative to Trustedsec's COFFLoader and ELFLoader with some very interesting features:
* Fully compatibile with Cobalt Strike's Beacon. Can compile and run every BOF available at Cobalt Strike Community Kit and every other open-source BOF that adheres to generic BOF template.
* Distributed as a fully standalone library with zero dependency (it does not even use libc).
* Fully integrable with programs written in C/C++ and/or Zig progamming languages.
* Adds capability to write BOFs in Zig programming language - which is a low-level langauge with a goal of being a "better C". All the features of the language and rich standard library can be used in BOFs (hash maps and other data structures, cross-platform OS layer, http, networking, threading, crypto and more).
* Asynchronous BOF execution - capability to launch more time-consuming BOFs in a separate thread.
* BOF process injection - capability to launch more risky BOFs (i.e. privilege escalation exploits) by injecting it to a new process.
* Seamless support for both Windows COFF and UNIX/Linux ELF formats.
* ARM and AARCH64 support on Linux.
* Used in our cli4bofs tool that allows for running BOF files directly from a filesystem.
* Very flexible and efficient API allowing for so called BOF chaining.