Fetching SharpHound data entirely in-memory (no dropped ZIP or JSON files) using BOF.NET and Cobalt Strike
This post details some proof-of-concept changes to SharpHound's output functionality to avoid forensic artefacts. Namely, doing everything in-memory, and avoiding ever touching disk. This also leverages the fantastic recent changes to BOF.NET to support sending memory buffers to Cobalt Strike as pseudo file downloads. For this, two new (non-official) SharpHound flags are introduced: --MemoryOnlyJSON and […]
Continue Reading