Beacon object files I made to use with Cobalt Strike
- ntllRemap
- Uses the Beacon API to obtain current process handle and retrieve handle for
ntdll
, then gets the module info forntdll
and determines the base address and size of the image, creates a new RWX section, unmapsntdll
, maps the new empty section to the base address of the originalntdll
with RWX, copiesntdll
into this secion, changes to RX, then closes the handle. - Don't use this. It'll crash your beacon lol.
- Uses the Beacon API to obtain current process handle and retrieve handle for