forked from rsmudge/unhook-bof
-
-
Notifications
You must be signed in to change notification settings - Fork 1
Remove API hooks from a Beacon process.
License
mgeeky/unhook-bof
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
This is a Beacon Object File to refresh DLLs and remove their hooks. The code is from Cylance's Universal Unhooking research: https://blogs.blackberry.com/en/2017/02/universal-unhooking-blinding-security-software To use: Load unhook.cna into Cobalt Strike via Cobalt Strike -> Script Manager Run 'unhook' from Beacon To build: x86: Open Visual Studio x86 Native Tools Command Prompt and type 'make' x64: Open Visual Studio x64 Croos Tools Command Prompt and type 'make' This project derived from: Reflective DLL Injection BSD 3-Clause License Copyright (c) 2011, Stephen Fewer of Harmony Security (www.harmonysecurity.com) https://github.com/stephenfewer/ReflectiveDLLInjection ReflectiveDLLRefresher BSD 3-Clause License Copyright (c) 2017, Cylance Inc. https://github.com/CylanceVulnResearch/ReflectiveDLLRefresher Unhook Meterpreter Extension BSD-3-Clause License 2006-2018, Rapid7, Inc. https://github.com/rapid7/metasploit-payloads/commits/master/c/meterpreter/source/extensions/unhook
About
Remove API hooks from a Beacon process.
Resources
License
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published
Languages
- C 98.9%
- Batchfile 1.1%