Tag: Cobaltstrike

MemFiles: Bypassing Disk-Based Detection with CobaltStrike
MemFiles is a toolkit for CobaltStrike that enables Operators to write files produced by the Beacon process into memory, rather than writing them to disk on the target system. It has been successfully tested on Windows 7, 10, and 11; corresponding server versions should work without issue. MemFiles is restricted to x64 Beacons. It…

OdinLdr: Cobaltstrike UDRL with memory evasion
Features: redirect all WININET calls over callstack crafting; encrypt beacon during sleep; encrypt beacon heap during sleep; self delete of loader.
Execution of loader: 1 – Create heap for beacon usage; 2 – Allocation of RWX area with beacon size + UDRL size; 3 – Copy the UDRL at…