Collection of beacon BOF.
A quick PoC that uses DCOM (ShellWindows) via beacon object files for lateral movement. You can either specify credentials or use the current user. To use the current user, just leave the domain, username, and password empty. A short article about using COM objects in C can be found here.
Similar concepts to the previous one, but an interesting learning experience. Code adopted from CIA Vault 8. This method uses the class Win32_Process.
This one uses WMI events for lateral movement. Most of the heavy lifting was done by wumb0in
I ported these techniques to BOF in order to learn more about Windows, CobaltStrike, and lateral movement. I have a curiosity that copy/pasting PowerShell commands is killing.
The DCOM lateral movement took some time to figure out, and I did not find it done in other projects/repos. However, the WMI lateral movement parts are mainly done by others. What I did was minor modifications and porting it to BOF.
I am not a seasoned developer yet, so use with care. Before pushing these scripts to Git, they were tested on an Enterprise environment where a network MDR service is provided, and no alerts were triggered. However, it goes without saying that you should modify and test the scripts before you run them in your engagements. If you need assistance, please do not hesitate to contact me. Also, if you are interested in having aggressor scripts for these BOF, please lemme know!
Yes, with a star, a retweet, or by inviting me to your Red Team after I graduate from uni.
Big thanks to rsmudge for his continuous support and responsiveness to questions. The articles by domchell served as a great introduction and helped in shaping my priorities.