Nothing groundbreaking, but ported the ETW patch from @_xpn_ (mdsec.co.uk/2020/03/hiding-y…) to a beacon object file github.com/ajpc500/BOFs/tree…
Added a more general-purpose BOF to the repo for reading loaded module functions, and comparing and patching them from on-disk DLLs. github.com/ajpc500/BOFs/tree…
4:33 PM · Dec 27, 2020
Credit goes to @spotheplanet for the DLL parsing code I adapted from ired.team/offensive-security…
