forked from rsmudge/unhook-bof
-
Notifications
You must be signed in to change notification settings - Fork 16
/
README
30 lines (20 loc) · 863 Bytes
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
This is a Beacon Object File to refresh DLLs and remove their hooks. The code is from Cylance's Universal Unhooking research:
https://blogs.blackberry.com/en/2017/02/universal-unhooking-blinding-security-software
To use:
Load unhook.cna into Cobalt Strike via Cobalt Strike -> Script Manager
Run 'unhook' from Beacon
To build:
make
This project derived from:
Reflective DLL Injection
BSD 3-Clause License
Copyright (c) 2011, Stephen Fewer of Harmony Security (www.harmonysecurity.com)
https://github.com/stephenfewer/ReflectiveDLLInjection
ReflectiveDLLRefresher
BSD 3-Clause License
Copyright (c) 2017, Cylance Inc.
https://github.com/CylanceVulnResearch/ReflectiveDLLRefresher
Unhook Meterpreter Extension
BSD-3-Clause License
2006-2018, Rapid7, Inc.
https://github.com/rapid7/metasploit-payloads/commits/master/c/meterpreter/source/extensions/unhook