Add: boku7/spawn to Execution section

2024-06-24 12:42:11 +00:00 · 2021-08-21 13:10:15 +07:00 · 2021-08-21 13:10:15 +07:00 · fb02b6c3d2
commit fb02b6c3d2
parent a54436cae3
1 changed files with 4 additions and 0 deletions
--- a/Offensive.md
+++ b/Offensive.md
@ -454,6 +454,10 @@ Some tools can be categorized in more than one category. But because the current
        <td><a href="https://github.com/boku7/HOLLOW">boku7/HOLLOW</a></td>
        <td>EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state, inject shellcode, hijack main thread with APC, and execute shellcode</td>
    </tr>
+    <tr>
+        <td><a href="https://github.com/boku7/spawn">boku7/spawn</a></td>
+        <td>Cobalt Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG), BlockDll, and PPID spoofing.</td>
+    </tr>
    <tr>
        <td><a href="https://github.com/Cybellum/DoubleAgent">Cybellum/DoubleAgent</a></td>
        <td>DoubleAgent is a new Zero-Day technique for injecting code and maintaining persistence on a machine (i.e.