Introduction to Beacon Object Files in the context of red-teaming operations - Rafael Felix -EKO2023 скачать в хорошем качестве
Introduction to Beacon Object Files in the context of red-teaming operations - Rafael Felix -EKO2023
2 года назад
Не удается загрузить Youtube-плеер. Проверьте блокировку Youtube в вашей сети.
Повторяем попытку...
Повторяем попытку...
Скачать видео с ютуб по ссылке или смотреть без блокировок на сайте: Introduction to Beacon Object Files in the context of red-teaming operations - Rafael Felix -EKO2023 в качестве 4k
У нас вы можете посмотреть бесплатно Introduction to Beacon Object Files in the context of red-teaming operations - Rafael Felix -EKO2023 или скачать в максимальном доступном качестве, видео которое было загружено на ютуб. Для загрузки выберите вариант из формы ниже:
-
Информация по загрузке:
Скачать mp3 с ютуба отдельным файлом. Бесплатный рингтон Introduction to Beacon Object Files in the context of red-teaming operations - Rafael Felix -EKO2023 в формате MP3:
Если кнопки скачивания не
загрузились
НАЖМИТЕ ЗДЕСЬ или обновите страницу
Если возникают проблемы со скачиванием видео, пожалуйста напишите в поддержку по адресу внизу
страницы.
Спасибо за использование сервиса ClipSaver.ru
Introduction to Beacon Object Files in the context of red-teaming operations - Rafael Felix -EKO2023
COFF stands for Common Object File Format, it is the file format generated by compilers after the code-generation stage, they typically include only the machine code or assembly code generated from the corresponding source code without any external dependencies. beacon_inline_execute is a custom Windows COFF loader made primarily by Cobalt Strike, which the main goal is to load a BOF (Beacon Object File) in-memory and handle custom internal functions that are implemented in the loader’s code and external functions: Windows API calls. BOFs can be used to execute code in the target machine, in-memory, without loading any shellcode or injecting into a remote process. They are executed in the current thread and its code is relocated in the memory space, being very useful for going under the radar. Not only BOFs are very useful for bypassing AV/EDR protection, but they can easily escalate the scope of C2 agents by providing the ability to load dynamic tasks. This is where Coffee comes in: a Rust COFF loader made with BOFs in mind. Coffee works by parsing the object file format, allocating necessary memory for execution, and calling the entry-point inside our loader’s process. Finally, the code gets executed and the output is written to the terminal. Coffee’s GitHub repository can be found at: https://github.com/hakaioffsec/coffee Coffee’s Blog Post can be found at: https://labs.hakaioffsec.com/coffee-a... Speaker: Rafael Felix has been working with malware development for 2 years, also being involved in the malware community for more than 4 years. He is also experienced in Incident and Response, specifically during malware inner workings analysis. Currently, Rafael is a researcher for [Hakai Offensive Security](https://labs.hakaioffsec.com/), being deeply involved with COFF format and BOFs and how they can be used in the context of red-team operations. -- Seguinos en la redes: X: / ekoparty LinkedIn: / 1053378 Instagram: / ekoparty Facebook: https://www.facebook/ekopartyconference Twitch: / ekoparty Visitá nuestra web: https://www.ekoparty.org/
Comments
