Introduction to Beacon Object Files in Red-Team Operations

Ekoparty Security Conference via YouTube

Overview

Explore the world of Beacon Object Files (BOFs) and their applications in red-teaming operations through this informative conference talk. Delve into the Common Object File Format (COFF) and its role in compiler-generated files. Learn about beacon_inline_execute, a custom Windows COFF loader primarily used by Cobalt Strike, and its functionality in loading BOFs in-memory. Discover how BOFs can execute code on target machines without loading shellcode or injecting into remote processes, making them effective for bypassing AV/EDR protection and expanding C2 agent capabilities. Examine Coffee, a Rust-based COFF loader designed for BOFs, and understand its process of parsing object files, allocating memory, and executing code. Gain insights from speaker Rafael Felix, an experienced malware developer and researcher, on the inner workings of COFF format and BOFs in red-team operations.

Syllabus

Introduction to Beacon Object Files in the context of red-teaming operations - Rafael Felix - EKO2023

Taught by

Ekoparty Security Conference
