BOF files and CNA scripts for Cobalt Strike
This repository contains multiple BOFs and theit accompanying .cna scripts for Cobalt Strike, which are useful during Red Team engagements.
| Command | Description |
|---|---|
| createproc | BOF that attempts to spawn a new process on the target system using CreateProcessA. |
| elevate_pid | Privilege escalation via token impersonation in Windows BOF |
| envdump | BOF to list environment variables available to the current process |
| getcmdline | BOF to extract the full command-line arguments used to launch a specific process by its name (e.g., notepad.exe), from another process’s memory. |
| servicelookup | BOF that checks whether a given Windows service account exists locally or remotely by resolving its Security Identifier (SID) using LookupAccountNameA. It can also optionally impersonate a user using LogonUserA before performing the lookup. |