From e8661898d630d5f04d2a368d289a27712809ed10 Mon Sep 17 00:00:00 2001
From: pe3zx <pe3zx@users.noreply.github.com>
Date: Sun, 10 Jul 2022 17:03:50 +0700
Subject: [PATCH] Add: netero1010/RDPHijack-BOF to Lateral Movement section

---
 Offensive.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Offensive.md b/Offensive.md
index e0184b5..d13bfa1 100644
--- a/Offensive.md
+++ b/Offensive.md
@@ -2521,6 +2521,10 @@ Some tools can be categorized in more than one category. But because the current
         <td><a href="https://github.com/Mr-Un1k0d3r/SCShell">Mr-Un1k0d3r/SCShell</a></td>
         <td>Fileless lateral movement tool that relies on ChangeServiceConfigA to run command</td>
     </tr>
+    <tr>
+        <td><a href="https://github.com/netero1010/RDPHijack-BOF">netero1010/RDPHijack-BOF</a></td>
+        <td>Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.</td>
+    </tr>
     <tr>
         <td><a href="https://github.com/netero1010/ServiceMove-BOF">netero1010/ServiceMove-BOF</a></td>
         <td>New lateral movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution.</td>