0xedh / dumpguard_bofView external linksLinks
Beacon Object File (BOF) port of DumpGuard for extracting NTLMv1 hashes from sessions on modern Windows systems.
☆207Jan 6, 2026Updated last month
Alternatives and similar repositories for dumpguard_bof
Users that are interested in dumpguard_bof are comparing it to the libraries listed below
Sorting:
- BOF to terminate a process via PID as argument☆28Sep 7, 2025Updated 5 months ago
- A Windows tool that converts LDIF files to BloodHound CE☆25Dec 20, 2025Updated last month
- COM-based DLL Surrogate Injection☆140Dec 9, 2025Updated 2 months ago
- The DCERPC only printerbug.py version☆201Oct 30, 2025Updated 3 months ago
- ☆100Sep 1, 2024Updated last year
- Title is self explaining, well theres few methods we can do to read locked file and play with it...☆87Jan 5, 2026Updated last month
- Step-by-step documentation on how to decrypt SCCM database secrets offline☆50Oct 20, 2025Updated 3 months ago
- Proof of Concept (PoC) implant for creating custom Cobalt Strike Beacons☆94Updated this week
- Disconnected RSAT - A method of running Group Policy Manager, Certificate Authority and Certificate Templates MMC snap-ins from non-domai…☆273Dec 27, 2024Updated last year
- Execute shellcode via ASPNET compiler☆61Oct 2, 2025Updated 4 months ago
- ☆94Dec 9, 2025Updated 2 months ago
- Linker for Beacon Object Files☆149Updated this week
- Python tool to automatically perform SPN-less RBCD attacks.☆116Jan 7, 2026Updated last month
- Library of BOFs to interact with SQL servers☆16Dec 6, 2024Updated last year
- BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)☆195Feb 6, 2025Updated last year
- SharpExShell automates the DCOM lateral movment technique which abuses ActivateMicrosoftApp method of Excel application.☆75May 1, 2024Updated last year
- Early cascade injection PoC based on Outflanks blog post written in Rust☆67Dec 26, 2025Updated last month
- Early Bird Cryo Injections – APC-based DLL & Shellcode Injection via Pre-Frozen Job Objects☆135Apr 6, 2025Updated 10 months ago
- Cobalt Strike BOF for beacon/shellcode injection using fork & run technique with Draugr synthetic stack frames☆150Nov 23, 2025Updated 2 months ago
- ☆123Jan 23, 2025Updated last year
- Cobaltstrike Reflective Loader with Synthetic Stackframe☆182Jan 17, 2026Updated 3 weeks ago
- ☆106Aug 21, 2024Updated last year
- Shellcode loader that executes embedded Lua from Rust.☆127Dec 16, 2024Updated last year
- Golang Automation Framework for Cobalt Strike using the Rest API☆56Dec 4, 2025Updated 2 months ago
- Indirect syscalls + DInvoke made simple.☆96Dec 24, 2024Updated last year
- Webcam capture capability for Cobalt Strike as a BOF, with in-memory download options☆156Mar 26, 2025Updated 10 months ago
- ☆137Nov 17, 2025Updated 2 months ago
- Windows rootkit designed to work with BYOVD exploits☆214Jan 18, 2025Updated last year
- Local SYSTEM auth trigger for relaying☆168Jul 22, 2025Updated 6 months ago
- Mythic C2 Agent written in x64 PIC C☆84Jan 29, 2025Updated last year
- A python library to create BloodHound OpenGraphs☆52Feb 4, 2026Updated last week
- An ICMP channel for Beacons, implemented using Cobalt Strike’s External C2 framework.☆114Oct 6, 2025Updated 4 months ago
- ☆161Mar 27, 2023Updated 2 years ago
- DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely☆381Dec 13, 2024Updated last year
- Collection of BOFs created for red team/adversary engagements. Created to be small and interchangeable, for quick recon or eventing.☆233Updated this week
- Cobalt Strike BOF to freeze EDR/AV processes and dump LSASS using WerFaultSecure.exe PPL bypass☆74Jan 29, 2026Updated 2 weeks ago
- Attack Active Directory Trusts with a single tool☆14Jan 15, 2025Updated last year
- Cobaltstrike UDRL with memory evasion☆15May 16, 2024Updated last year
- Safe Harbor is a BOF that streamlines process reconnaissance for red team operations by identifying trusted, low-noise targets to maintai…☆75Oct 27, 2025Updated 3 months ago