forked from rsmudge/unhook-bof
Remove API hooks from a Beacon process.
Cobalt-Strike/unhook-bof
This is a Beacon Object File to refresh DLLs and remove their hooks. The code is from Cylance's Universal Unhooking research:

https://blogs.blackberry.com/en/2017/02/universal-unhooking-blinding-security-software

To use:

Load unhook.cna into Cobalt Strike via Cobalt Strike -> Script Manager
Run 'unhook' from Beacon

To build:

make

This project derived from:

Reflective DLL Injection
BSD 3-Clause License
Copyright (c) 2011, Stephen Fewer of Harmony Security (www.harmonysecurity.com)
https://github.com/stephenfewer/ReflectiveDLLInjection

ReflectiveDLLRefresher
BSD 3-Clause License
Copyright (c) 2017, Cylance Inc.
https://github.com/CylanceVulnResearch/ReflectiveDLLRefresher

Unhook Meterpreter Extension
BSD-3-Clause License
2006-2018, Rapid7, Inc.
https://github.com/rapid7/metasploit-payloads/commits/master/c/meterpreter/source/extensions/unhook
Languages
- C 99.6%
- Makefile 0.4%