From 98d0c1746b5c54a422a141ae1096e7a4381bff9f Mon Sep 17 00:00:00 2001 From: CodeX Date: Tue, 1 Nov 2022 20:29:28 +0800 Subject: [PATCH] Update README.md --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index dc14c34..85b626b 100644 --- a/README.md +++ b/README.md @@ -26,6 +26,10 @@ beacon> screenshot_bof sad.bmp 1 [*] started download of sad.bmp ``` +3. if downloaded over beacon, BMP can be viewed in Cobalt Strike by right clicking the download and clicking "Render BMP" (credit @BinaryFaultline) +![image](https://user-images.githubusercontent.com/29991665/199232459-0601e5d8-d534-4f05-bde4-c8acf3bd3c12.png) + + ## Notes - no evasion is performed, which should be fine since the WinAPIs used are not malicious @@ -36,4 +40,4 @@ Cobalt Strike uses a technique known as fork & run for many of its post-ex capab - Made using https://github.com/securifybv/Visual-Studio-BOF-template - Save BMP to file from https://stackoverflow.com/a/60667564 - in memory download from https://github.com/anthemtotheego/CredBandit -- @BinaryFaultline for BMP rendering in aggressorscript, and screenshot callback branch \ No newline at end of file +- @BinaryFaultline for BMP rendering in aggressorscript, and screenshot callback branch
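Review bot: In the first hunk (README.md, @@ -26,6 +26,10 @@), the added image line sits directly under step 3 with no indentation and carries the placeholder alt text `image`, so it can render outside the numbered list and tells a reader who cannot load the image nothing. Indent it under item 3 and replace the alt text with a description of what the screenshot shows, such as the "Render BMP" entry in the right-click menu. Step 3 also says "right clicking the download" without naming the view where that download is listed; add that. The hunk adds two blank lines before `## Notes` where one is enough.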
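Review bot: In the second hunk (README.md, @@ -36,4 +40,4 @@), the final credit line changes only by gaining the missing newline at end of file, and it still gives no link for the "screenshot callback branch" or the BMP rendering script, while the three credits above it each point to a URL. Add the link to that branch or repository so the credit can be followed like the others, and consider writing "Aggressor Script" as two capitalised words instead of `aggressorscript`.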