BypassCredGuard CS BOF
☆51Jan 23, 2025Updated last year
Alternatives and similar repositories for BypassCredGuard-BOF
Users that are interested in BypassCredGuard-BOF are comparing it to the libraries listed below
Sorting:
- Repository to gather the BOF files I will be developing☆11Oct 1, 2024Updated last year
- ☆33Jan 23, 2025Updated last year
- 一个普通的BOF用来BypassUAC☆22Apr 6, 2024Updated last year
- ☆147Nov 6, 2025Updated 4 months ago
- ☆29May 10, 2024Updated last year
- Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll☆145Apr 18, 2025Updated 10 months ago
- Beacon Object File to locate and suspend the threads hosting the Event Log service☆29Jun 17, 2022Updated 3 years ago
- ☆126Jan 23, 2025Updated last year
- Repository to gather the .NET malware I will be developing☆18Mar 23, 2025Updated 11 months ago
- ☆57Jan 15, 2024Updated 2 years ago
- ☆234Oct 8, 2024Updated last year
- ☆123Oct 9, 2023Updated 2 years ago
- A beacon object file implementation of PoolParty Process Injection Technique.☆435Dec 21, 2023Updated 2 years ago
- Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW☆86Mar 19, 2023Updated 2 years ago
- A .NET Runtime for Cobalt Strike's Beacon Object Files☆90Oct 13, 2024Updated last year
- A Cobalt Strike payload generator and lateral movement aggressor script which places Beacon shellcode into a custom shellcode loader☆45Sep 25, 2024Updated last year
- ☆159Dec 13, 2024Updated last year
- A VSCode plugin to assist with BOF development.☆37Aug 14, 2024Updated last year
- ☆38Feb 26, 2025Updated last year
- Beacon Object File (BOF) Template☆64Feb 6, 2026Updated last month
- BOF implementation of Adopt. Spawns a process from a process. Can sometimes be used to run a session > 0 process from session 0.☆17Jul 22, 2022Updated 3 years ago
- Porting of NPPSPY by Grzegorz Tworek to 'man in the middle' the user logon process, and store the user's name and password in an unassumi…☆19Apr 24, 2023Updated 2 years ago
- simple shellcode injector for Windows / Process Hollowing☆15Jun 26, 2024Updated last year
- Bypass YARA rule Windows_Trojan_CobaltStrike_f0b627fc by generating alternative shellcode sequences.☆52Oct 2, 2025Updated 5 months ago
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…☆215Oct 19, 2024Updated last year
- BOF for Kerberos abuse (an implementation of some important features of the Rubeus).☆549Nov 23, 2025Updated 3 months ago
- Dump protected process memory by using BYOVD to tamper with handle objects in the kernel.☆38Aug 5, 2025Updated 7 months ago
- Tool to obtain hash using MS-SNTP for user accounts☆29Jan 22, 2025Updated last year
- Library of BOFs to interact with SQL servers☆223Dec 3, 2025Updated 3 months ago
- A simple BOF (Beacon Object File) to search files in the system☆15Dec 2, 2023Updated 2 years ago
- Test bench lab for Shellcode Obfuscation☆35Sep 2, 2025Updated 6 months ago
- bring your own vulnerable driver☆114May 17, 2023Updated 2 years ago
- Evasive loader to bypass static detection☆60Jan 15, 2024Updated 2 years ago
- Code snippets to add on top of cobalt strike sleepmask kit so that ekko can work in a CFG protected process☆49Mar 15, 2023Updated 2 years ago
- ☆161Mar 27, 2023Updated 2 years ago
- A simple BOF that frees UDRLs☆122May 29, 2022Updated 3 years ago
- Cobalt Strike Beacon Object File for bypassing UAC via the CMSTPLUA COM interface.☆214Oct 9, 2022Updated 3 years ago
- A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles.☆66May 2, 2023Updated 2 years ago
- BOF with Synthetic Stackframe☆230Oct 30, 2025Updated 4 months ago