Atomic BOFs is a framework designed to simplify detection engineering for Beacon Object Files by making each BOF a self-contained unit. Inspired by Atomic Red Team, the project uses "BOF Inversions" and "BOF Cocktails" to embed the required API implementations and evasion techniques directly into the BOF, removing its dependency on a C2 agent such as Cobalt Strike.
The core of the project is a specialized loader called a "harness", together with a set of specification files used with the Crystal Palace utility. This setup allows researchers to execute BOFs as independent position-independent code (PIC) through a shellcode runner, so that "vanilla" or "hooked" versions of a tool can be run in a controlled environment to verify the telemetry it produces and the detection coverage for it.