Closing Remarks

Beacon Object Files will remain a core part of Command and Control architecture for the foreseeable future. Their modular nature, ease of use, minimal Indicators of Compromise (IOCs) compared to Reflective DLL Injection, and compatibility across numerous widely used frameworks make them a near must-have for any C2 framework.

Personally, it's been quite a humbling experience these last few days, learning about COFF loading, and BOFs in general. I wouldn't have been able to learn about this without the help of 5pider, Havoc's author, who wrote both CoffeeLdr, as well as the code for Maldev Academy's Object File Loading module. Both of these resources, alongside Microsoft's specification for the Windows COFF format, which can be found here, have helped me tremendously.

Whether you're a developer, pentester, red teamer, or hobbyist, I hope you've learned something today.
