Overview
Explore the world of Beacon Object Files (BOFs) and their applications in red-teaming operations through this informative conference talk. Delve into the Common Object File Format (COFF) and its role in compiler-generated files. Learn about beacon_inline_execute, a custom Windows COFF loader primarily used by Cobalt Strike, and its functionality in loading BOFs in memory. Discover how BOFs can execute code on target machines without loading shellcode or injecting into remote processes, making them effective for bypassing AV/EDR protection and expanding C2 agent capabilities. Examine Coffee, a Rust-based COFF loader designed for BOFs, and understand its process of parsing object files, allocating memory, and executing code. Gain insights from speaker Rafael Felix, an experienced malware developer and researcher, on the inner workings of the COFF format and BOFs in red-team operations.
Syllabus
Introduction to Beacon Object Files in the context of red-teaming operations - Rafael Felix - EKO2023
Taught by
Ekoparty Security Conference