- May 10, 2024 Executing Cobalt Strike's BOFs on ARM-based Linux devices
We designed and implemented bof-launcher with portability in mind, so running BOFs on Linux ARM-based devices is a snap. Below, we’re running our uname BOF on a Raspberry Pi device. For convenience we use our cli4bofs tool to execute the BOF directly from the command line. So let’s jump to our device:
Tags: toolbox, adversarial-attack-simulation, bof-launcher, BOF
- Feb 8, 2024 Running BOFs with our 'bof-launcher' library
During the last months we were busy working on our bof-launcher project. In essence it is an open-source library for loading, relocating and launching Cobalt Strike’s BOFs on Windows and UNIX/Linux systems. But it also contains other very interesting features and capabilities that are worth discussing.
Tags: toolbox, adversarial-attack-simulation, bof-launcher, BOF
- Sep 8, 2023 Burp Suite Pro real-life tips & tricks: Other useful resources
Additional references to materials about the Burp Suite Pro tool and its usage:
Tags: toolbox, web-security-testing
- Aug 25, 2022 Endpoint defense evasion with custom built binaries
It’s already common knowledge that merely rebuilding binaries could be a good way to attempt to bypass many AV solutions. Here’s a good illustration of exactly that case from our recent penetration testing engagement. Here’s the scenario:
Tags: toolbox, adversarial-attack-simulation
- Jan 12, 2022 Burp Suite Pro real-life tips & tricks: Authentication engine for command-line tools
Below is a nice bit of Burp trickery I’ve learnt from Ryan and also extended to apps that use token-based session handling.
Tags: toolbox, burp, web-security-testing
- Oct 8, 2021 Broken UDP scanning in Nmap v7.91
As in most penetration testing/red teaming companies, we at Z-Labs use the Nmap security scanner quite extensively. During one of our network penetration testing engagements we noticed that the UDP scanning (-sU) functionality misbehaves and does not correctly detect open UDP ports. Soon after that we identified in Nmap (versions 7.91 and 7.90) a subtle implementation issue that resulted in corrupted UDP packets being sent during a scan.
Tags: toolbox, network-security
- Sep 12, 2019 Burp Suite Pro real-life tips & tricks: Looking for hidden attack surface and leaked secrets
Burp has some nice export features which (combined with some 3rd party tools) can greatly aid in the process of looking for additional/hidden endpoints and/or hardcoded secrets.
Tags: toolbox, web-security
- Sep 9, 2019 Burp Suite Pro real-life tips & tricks: Persistent Access to Collaborator
It was already discussed here. Putting here for quick reference.
Tags: toolbox, web-security
- Jul 21, 2019 Burp Suite Pro real-life tips & tricks: Authorization testing
In the past, I found the (already quite old, presented in 2013) slide deck Burp Suite Pro real-life tips & tricks, authored by Nicolas Grégoire, very useful, and it gave me motivation to constantly look for efficiencies in my day-to-day Burp Suite Pro usage. Since that time Burp has evolved significantly (a major milestone, version 2.x, was released) and lots of interesting 3rd party extensions have been developed.
Tags: toolbox, web-security