0xTriboulet/InlineExecuteEx

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/0xTriboulet/InlineExecuteEx)

0xTriboulet / InlineExecuteEx

A BOF that's a BOF Loader and more

☆198

Alternatives and similar repositories for InlineExecuteEx

Users that are interested in InlineExecuteEx are comparing it to the libraries listed below

Sorting:

EspressoCake / cIdentifyServiceDependencies_BOF
View on GitHub
Beacon Object File (BOF) for identifying dependent child services of a given parent.
☆19Jun 20, 2025Updated 8 months ago
EricEsquivel / Inline-EA
View on GitHub
Cobalt Strike BOF for evasive .NET assembly execution
☆308Mar 31, 2025Updated 11 months ago
NtDallas / BOF_Spawn
View on GitHub
Cobalt Strike BOF for beacon/shellcode injection using fork & run technique with Draugr synthetic stack frames
☆152Nov 23, 2025Updated 3 months ago
0xRedpoll / ludus_cobaltstrike_teamserver
View on GitHub
Ludus role for deploying a Cobalt Strike Teamserver onto Linux servers
☆18Mar 19, 2025Updated 11 months ago
pard0p / Remote-BOF-Runner
View on GitHub
Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal …
☆89Jan 2, 2026Updated 2 months ago
zero2504 / COMouflage
View on GitHub
COM-based DLL Surrogate Injection
☆142Dec 9, 2025Updated 2 months ago
sudonoodle / BOF-entra-authcode-flow
View on GitHub
Beacon Object File (BOF) to obtain Entra tokens via authcode flow.
☆124Jan 17, 2026Updated last month
Cobalt-Strike / icmp-udc2
View on GitHub
UDC2 implementation that provides an ICMP C2 channel
☆115Nov 24, 2025Updated 3 months ago
iilegacyyii / DataInject-BOF
View on GitHub
Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll
☆137Apr 18, 2025Updated 10 months ago
CodeXTF2 / CustomC2ChannelTemplate
View on GitHub
template for developing custom C2 channels for Cobalt Strike using IAT hooks applied by a reflective loader.
☆101Jan 10, 2026Updated last month
R41N3RZUF477 / QuickAssist_UAC_Bypass
View on GitHub
UAC Bypass using UIAccess program QuickAssist
☆213Nov 30, 2025Updated 3 months ago
CodeXTF2 / WebcamBOF
View on GitHub
Webcam capture capability for Cobalt Strike as a BOF, with in-memory download options
☆158Mar 26, 2025Updated 11 months ago
0xTriboulet / ai-postex
View on GitHub
Proof-of-concept implementation of AI-enabled postex DLLs
☆54Sep 10, 2025Updated 5 months ago
rasta-mouse / SpawnWith
View on GitHub
☆109Feb 17, 2025Updated last year
Tw1sm / list-wam-accounts
View on GitHub
List web account manager (WAM) accounts added to the current profile
☆22Dec 11, 2025Updated 2 months ago
mwnickerson / COMHijackBOF
View on GitHub
☆39Nov 25, 2025Updated 3 months ago
cfs0x / nightshade
View on GitHub
☆36Jul 1, 2025Updated 8 months ago
WKL-Sec / slack-udc2
View on GitHub
Cobalt Strike UDC2 implementation that provides an Slack C2 channel
☆63Jan 5, 2026Updated last month
boku7 / StringReaper
View on GitHub
Reaping treasures from strings in remote processes memory
☆285Feb 8, 2025Updated last year
fortra / No-Consolation
View on GitHub
A BOF that runs unmanaged PEs inline
☆681Oct 23, 2024Updated last year
ofasgard / execute-assembly-pico
View on GitHub
A PICO for Crystal Palace that implements CLR hosting to execute a .NET assembly in memory.
☆128Jan 28, 2026Updated last month
NtDallas / BOF_RunPe
View on GitHub
BOF to run PE in Cobalt Strike Beacon without console creation
☆186Nov 23, 2025Updated 3 months ago
deh00ni / NtDumpBOF
View on GitHub
☆100Sep 1, 2024Updated last year
0xEr3bus / PoolPartyBof
View on GitHub
A beacon object file implementation of PoolParty Process Injection Technique.
☆434Dec 21, 2023Updated 2 years ago
zero2504 / EDR-GhostLocker
View on GitHub
AppLocker-Based EDR Neutralization
☆321Dec 19, 2025Updated 2 months ago
MEhrn00 / boflink
View on GitHub
Linker for Beacon Object Files
☆159Feb 22, 2026Updated last week
praetorian-inc / google-redirector
View on GitHub
A lightweight redirector for Google Cloud Run, enabling domain fronting via Google-owned infrastructure.
☆133Nov 12, 2025Updated 3 months ago
rasta-mouse / Crystal-Loaders
View on GitHub
A small collection of Crystal Palace PIC loaders designed for use with Cobalt Strike
☆185Oct 29, 2025Updated 4 months ago
Cobalt-Strike / sleepmask-vs
View on GitHub
A simple Sleepmask BOF example
☆168Nov 24, 2025Updated 3 months ago
zyn3rgy / smbtakeover
View on GitHub
BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions
☆346Nov 19, 2024Updated last year
boku7 / patchwerk
View on GitHub
BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)
☆195Feb 6, 2025Updated last year
NtDallas / OdinLdr
View on GitHub
Cobaltstrike Reflective Loader with Synthetic Stackframe
☆186Jan 17, 2026Updated last month
zyn3rgy / RelayInformer
View on GitHub
Python and BOF utilites to the determine EPA enforcement levels of popular NTLM relay targets from the offensive perspective
☆166Jan 12, 2026Updated last month
xforcered / ForsHops
View on GitHub
ForsHops
☆152Mar 25, 2025Updated 11 months ago
ricardojoserf / w11_shadow_copies
View on GitHub
Manage Shadows Copies via the VSS API using C#, C++, Crystal or Python. Working on Windows 11
☆84Jan 26, 2026Updated last month
quarkslab / proxyblob
View on GitHub
SOCKS5 proxy tool that uses Azure Blob Storage as a means of communication.
☆309Feb 16, 2026Updated 2 weeks ago
passthehashbrowns / VectoredExceptionHandling
View on GitHub
☆108Aug 21, 2024Updated last year
bohops / COM-to-the-Darkside
View on GitHub
Slides and resources from MCTTP 2025 Talk
☆66Oct 26, 2025Updated 4 months ago
pard0p / PICO-Implant
View on GitHub
PICO-Implant is a Proof of Concept C2 implant built using Position-independent Code Objects (PICO) for modular functionality. This projec…
☆43Nov 9, 2025Updated 3 months ago