
WindowSpy: A Cobalt Strike Beacon Object File Meant For Targeted User Surveillance

WindowSpy is a Cobalt Strike Beacon Object File (BOF) meant for targeted user surveillance. The goal of the project is to trigger surveillance capabilities only on certain targets, e.g. browser login pages, confidential documents, VPN logins, etc. This increases stealth during user surveillance by avoiding the repeated use of surveillance capabilities, e.g. screenshots, that could otherwise be detected. It also saves the red team time sifting through the many pages of user surveillance data that would be produced if keylogging/screenwatch were running at all times.

How it works

Each time a beacon checks in, the BOF runs on the target. The BOF comes with a hardcoded list of strings that are common in useful window titles, e.g. login, administrator, control panel, vpn, etc. You can customize this list and recompile it yourself. The BOF enumerates the visible windows and compares their titles to the list of strings; if any of them match, it triggers a local Aggressor Script function named spy(), defined in WindowSpy.cna. By default, spy() takes a screenshot. You may customize this function however you want, e.g. keylogging, WireTap, webcam, etc.

The spy() function takes one argument, $1, which is the beacon ID of the beacon that triggered it.
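
For defenders, the design above implies that screen captures from a process running this BOF coincide almost exclusively with keyword-matching window titles, unlike ordinary screenshot tools. The following is an added example (not part of the WindowSpy project) that scores that correlation; the event schema, process names and thresholds are assumptions, and the sample telemetry is constructed.

```python
from collections import defaultdict

# Keywords the page names as examples from the BOF's hardcoded list.
KEYWORDS = ("login", "administrator", "control panel", "vpn")

# Constructed sample telemetry (hypothetical schema): one record per
# screen-capture event, with the window titles visible at that moment.
SAMPLE_EVENTS = [
    {"process": "snip.exe", "titles": ["Quarterly report - Excel"]},
    {"process": "snip.exe", "titles": ["Corp VPN - Connect"]},
    {"process": "snip.exe", "titles": ["Inbox - Mail", "Notepad"]},
    {"process": "snip.exe", "titles": ["Photos"]},
    {"process": "host.exe", "titles": ["Bank - Login", "Notepad"]},
    {"process": "host.exe", "titles": ["Corp VPN - Connect"]},
    {"process": "host.exe", "titles": ["Administrator: Command Prompt"]},
    {"process": "host.exe", "titles": ["Control Panel"]},
]

def title_matches(title, keywords=KEYWORDS):
    """Case-insensitive substring match of a window title against the list."""
    lowered = title.lower()
    return any(k in lowered for k in keywords)

def capture_match_ratio(events, keywords=KEYWORDS):
    """Per process: (captures with a matching visible title, total captures)."""
    counts = defaultdict(lambda: [0, 0])
    for ev in events:
        hit = any(title_matches(t, keywords) for t in ev["titles"])
        counts[ev["process"]][0] += int(hit)
        counts[ev["process"]][1] += 1
    return {p: (h, n) for p, (h, n) in counts.items()}

def flag_title_gated_capture(events, min_events=3, min_ratio=0.9):
    """Processes whose captures almost always coincide with sensitive titles."""
    return sorted(
        p for p, (h, n) in capture_match_ratio(events).items()
        if n >= min_events and h / n >= min_ratio
    )

if __name__ == "__main__":
    print(capture_match_ratio(SAMPLE_EVENTS))
    print(flag_title_gated_capture(SAMPLE_EVENTS))
```

Because the keyword list can be customized and recompiled, a real deployment of this check would need a broader list of sensitive title terms than the four shown here.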

Installation

  1. Load the WindowSpy.cna script into Cobalt Strike

Building from source

  1. Open the WindowSpy.sln solution file in Visual Studio
  2. Build for the target BOF architecture (x64/x86)

Usage

  1. Leave it to run. It should automatically run on each beacon check-in and trigger accordingly.

I built this because I was bored, and was messing with user surveillance. If there are bugs, open an issue. If there are any issues with the design, feel free to open an issue too.


R K
