From fb02b6c3d26d966180451269712e6406a57ce0cc Mon Sep 17 00:00:00 2001
From: pe3zx <pe3zx@users.noreply.github.com>
Date: Sat, 21 Aug 2021 13:10:15 +0700
Subject: [PATCH] Add: boku7/spawn to Execution section

---
 Offensive.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Offensive.md b/Offensive.md
index 1616267..96e87ee 100644
--- a/Offensive.md
+++ b/Offensive.md
@@ -454,6 +454,10 @@ Some tools can be categorized in more than one category. But because the current
         <td><a href="https://github.com/boku7/HOLLOW">boku7/HOLLOW</a></td>
         <td>EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state, inject shellcode, hijack main thread with APC, and execute shellcode</td>
     </tr>
+    <tr>
+        <td><a href="https://github.com/boku7/spawn">boku7/spawn</a></td>
+        <td>Cobalt Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG), BlockDll, and PPID spoofing.</td>
+    </tr>
     <tr>
         <td><a href="https://github.com/Cybellum/DoubleAgent">Cybellum/DoubleAgent</a></td>
         <td>DoubleAgent is a new Zero-Day technique for injecting code and maintaining persistence on a machine (i.e.