You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
When running the coff command, a new thread is spun up without specifying LPSECURITY_ATTRIBUTES, the default behavior of this function is to use the token of the calling process, rather than the impersonated thread.
Fix: Since the task is already being spun up in a new thread, could I potentially just change the entry point to a delegate function and just execute it directly that way?
The text was updated successfully, but these errors were encountered:
Describe the bug
When running the
coffcommand, a new thread is spun up without specifyingLPSECURITY_ATTRIBUTES, the default behavior of this function is to use the token of the calling process, rather than the impersonated thread.https://github.com/MythicAgents/Athena/blob/dev/Payload_Type/athena/athena/agent_code/AthenaPlugins/coff/coff/BofRunner.cs#L83
Fix: Since the task is already being spun up in a new thread, could I potentially just change the entry point to a delegate function and just execute it directly that way?
The text was updated successfully, but these errors were encountered: