Cobalt Strike uses a technique known as fork & run for many of its post-ex capabilities, including the screenshot command.
20
-
While this behaviour provides stability, it is now well known and heavily monitored for. This BOF is meant to provide a more
21
-
OPSEC safe version of the screenshot capability.
19
+
Cobalt Strike uses a technique known as fork & run for many of its post-ex capabilities, including the screenshot command. Whilethisbehaviourprovidesstability,itisnowwellknownandheavilymonitoredfor.ThisBOFismeanttoprovideamoreOPSECsafeversionofthescreenshotcapability.