Just released a new @OutflankNL Cobalt Strike BOF project which uses direct system calls to enumerate processes for specific loaded modules or process handles. E.g. to find open handles to LSASS or processes with CLR loaded for execute-assembly spawnto. github.com/outflanknl/FindOb…

10:02 AM · Jan 11, 2021

Replying to @Cneelis @OutflankNL
I like those open lsass handles :D
Open Lsass handles, FTW 😜