forked from rsmudge/unhook-bof
Remove API hooks from a Beacon process.
mgeeky/unhook-bof
This branch is 2 commits ahead of rsmudge:master.
This is a Beacon Object File to refresh DLLs and remove their hooks. The code is from Cylance's Universal Unhooking research:

https://blogs.blackberry.com/en/2017/02/universal-unhooking-blinding-security-software

To use:

- Load unhook.cna into Cobalt Strike via Cobalt Strike -> Script Manager
- Run 'unhook' from Beacon

To build:

- x86: Open Visual Studio x86 Native Tools Command Prompt and type 'make'
- x64: Open Visual Studio x64 Cross Tools Command Prompt and type 'make'

This project is derived from:

Reflective DLL Injection
BSD 3-Clause License
Copyright (c) 2011, Stephen Fewer of Harmony Security (www.harmonysecurity.com)
https://github.com/stephenfewer/ReflectiveDLLInjection

ReflectiveDLLRefresher
BSD 3-Clause License
Copyright (c) 2017, Cylance Inc.
https://github.com/CylanceVulnResearch/ReflectiveDLLRefresher

Unhook Meterpreter Extension
BSD-3-Clause License
2006-2018, Rapid7, Inc.
https://github.com/rapid7/metasploit-payloads/commits/master/c/meterpreter/source/extensions/unhook
Languages
- C 98.9%
- Batchfile 1.1%