qwqdanchun
/
ScreenshotBOF
mirror of https://github.com/qwqdanchun/ScreenshotBOF.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
ScreenshotBOF/README.md

22 lines
956 B
Markdown
Raw Normal View History

first commit
2022-10-23 01:58:24 -07:00
# ScreenshotBOF
An alternative screenshot capability for Cobalt Strike that uses WinAPI and does not perform a fork & run. Screenshot saved to disk as a file.
## Usage
1. import the screenshotBOF.cna script into Cobalt Strike
2. use the command screenshot_bof
3. Download the screenshot from the target e.g.
```
download screenshot.bmp
```
## Notes
- no evasion is performed, which should be fine since the WinAPIs used are not malicious
- in memory downloading of screenshots is planned to be added
- the filename can be changed in the source code.
## Why did I make this?
credits
2022-10-23 02:04:09 -07:00
Cobalt Strike uses a technique known as fork & run for many of its post-ex capabilities, including the screenshot command. While this behaviour provides stability, it is now well known and heavily monitored for. This BOF is meant to provide a more OPSEC safe version of the screenshot capability.
## Credits
- Made using https://github.com/securifybv/Visual-Studio-BOF-template