Nothing groundbreaking, but ported the ETW patch from @_xpn_ (mdsec.co.uk/2020/03/hiding-y…) to a beacon object file github.com/ajpc500/BOFs/tree…
1:43 PM · Dec 19, 2020
Added a more general purpose BOF to the repo for reading loaded module functions, and comparing and patching them from on-disk DLLs. github.com/ajpc500/BOFs/tree…
Credit goes to @spotheplanet for the DLL parsing code I adapted from ired.team/offensive-security…





