A reimplementation of Cobalt Strike's Beacon Object File (BOF) Loader
☆65Dec 16, 2023Updated 2 years ago
Alternatives and similar repositories for COFF-Loader
Users that are interested in COFF-Loader are comparing it to the libraries listed below
Sorting:
- ☆100Sep 1, 2024Updated last year
- Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.☆128Oct 4, 2024Updated last year
- ☆126Jun 28, 2023Updated 2 years ago
- Load a dynamic library from memory by modifying the native Windows loader☆285Jun 18, 2025Updated 8 months ago
- 🗡️ A multi-user malleable C2 framework targeting Windows. Written in C++ and Python☆45Feb 6, 2026Updated 3 weeks ago
- Parser and reconciliation tooling for large Active Directory environments.☆33Feb 18, 2025Updated last year
- A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles.☆66May 2, 2023Updated 2 years ago
- ☆33Jan 23, 2025Updated last year
- A BOF to automate common persistence tasks for red teamers☆292Mar 7, 2023Updated 2 years ago
- ☆31Jul 26, 2024Updated last year
- A pure C version of SymProcAddress☆30Mar 17, 2024Updated last year
- Vectored Exception Handling Squared☆29Dec 27, 2025Updated 2 months ago
- Mythic C2 Agent written in x64 PIC C☆85Jan 29, 2025Updated last year
- Run Cobalt Strike BOFs in Brute Ratel C4!☆86Apr 15, 2025Updated 10 months ago
- ☆60Jan 9, 2023Updated 3 years ago
- A python polymorphic engine for C programs☆11Dec 8, 2023Updated 2 years ago
- havoc2nginx is a simple python script that converts Havoc Framework's yaotl malleable c2 profile to Nginx configuration file format. Most…☆12May 8, 2023Updated 2 years ago
- Section-based payload obfuscation technique for x64☆64Aug 8, 2024Updated last year
- Evasive loader to bypass static detection☆60Jan 15, 2024Updated 2 years ago
- Cobaltstrike Reflective Loader with Synthetic Stackframe☆186Jan 17, 2026Updated last month
- ☆129Jun 28, 2023Updated 2 years ago
- ☆123Oct 9, 2023Updated 2 years ago
- Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac…☆270Oct 31, 2024Updated last year
- An Aggressor Script that utilizes NtCreateUserProcess to run binaries☆30Jan 30, 2025Updated last year
- Load and execute a common object file format (COFF) in the current process☆32Mar 9, 2024Updated last year
- For when DLLMain is the only way☆424Oct 29, 2024Updated last year
- Cobalt Strike Beacon Object File (BOF) that uses RegConnectRegistryA + RegOpenKeyExA API to dump registry hives on remote computer☆17Mar 4, 2023Updated 2 years ago
- BOF to terminate a process via PID as argument☆28Sep 7, 2025Updated 5 months ago
- Basic interactive Windows kernel offensive toolkit written in C☆137Sep 20, 2025Updated 5 months ago
- open source port/reimplementation of the Cobalt Strike BOF Loader as is☆68Feb 3, 2026Updated 3 weeks ago
- Docker container for running CobaltStrike 4.7 and above☆24Mar 20, 2025Updated 11 months ago
- A care package of useful bofs for red team engagments☆53Dec 6, 2024Updated last year
- Rust template/library for implementing your own COFF loader☆72Jan 27, 2025Updated last year
- Generic PE loader for fast prototyping evasion techniques☆244Jul 2, 2024Updated last year
- Cobalt Strike Beacon Object File (BOF) that uses LogonUserSSPI API to perform kerberos-based password spray☆47Mar 4, 2023Updated 2 years ago
- ☆162Mar 27, 2023Updated 2 years ago
- Curated list of public Beacon Object Files(BOFs) build in as submodules for easy cloning☆137Dec 7, 2025Updated 2 months ago
- ☆24Feb 1, 2025Updated last year
- Reflective DLL Injection Made Bella☆249Jan 6, 2025Updated last year