Just released a new @OutflankNL Cobalt Strike BOF project which uses direct system calls to enumerate processes for specific loaded modules or process handles. E.g. to find open handles to LSASS or processes with CLR loaded for execute-assembly spawnto. github.com/outflanknl/FindOb…
Replying to @Cneelis @OutflankNL

10:07 AM · Jan 11, 2021
