
COFFLoader

Building your own in-memory loader, or how to run BOFs


Have you heard of the new Beacon Object File (BOF) hotness? Have you ever thought that you should be able to run those outside of Cobalt Strike? Well, if that's the case, you came to the right place. In this post, we'll go through the basic steps of understanding and building an in-memory loader for any type of format, be that Executable and Linkable Format (ELF), Mach Object file format (Mach-O), Portable Executable (PE), or Common Object File Format (COFF). We use COFF as the example and release a reference implementation with Beacon compatibility built in. The steps are pretty much the same for each format, and the more of these types of loaders you write, the better you get at writing them.