SharpDPAPI ported to Cobalt Strike BOFs — 19 self-contained BOFs for DPAPI credential triage
☆16Feb 24, 2026Updated 4 months ago
Alternatives and similar repositories for DPAPI_BOF
Users that are interested in DPAPI_BOF are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- A Beacon Object File suite for Microsoft SQL Server that speaks TDS 7.4 on the wire itself☆97Apr 9, 2026Updated 3 months ago
- A credential extraction BOF for Veeam Backup and Replication and Veeam One☆78Jul 1, 2026Updated last week
- PoC for CVE-2026-3609 - XIGNCODE3 xhunter1.sys handle leak enabling PPL bypass and LSASS dumping☆29May 12, 2026Updated 2 months ago
- Cobalt Strike BOF☆58Dec 10, 2025Updated 7 months ago
- A simple OAuth App designed to capture OAuth tokens when users authenticate through GitHub OAuth flow.☆25Apr 20, 2026Updated 2 months ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- remote process injections using pool party techniques☆70Jun 29, 2025Updated last year
- first public in-process reflective PE loader for .NET NativeAOT binaries. maps a NativeAOT executable into the current process and execut…☆28Mar 28, 2026Updated 3 months ago
- .NET CLR-Stomping☆146May 20, 2026Updated last month
- A Beacon Object File (BOF) that talks directly to Windows authentication packages through the LSA untrusted/trusted client interface, wit…☆296Feb 21, 2026Updated 4 months ago
- Async BOF to capture KeePass master passwords by detecting and keylogging locked database windows.☆46Jun 18, 2026Updated 3 weeks ago
- Evasive loader for .NET Framework assemblies☆44May 14, 2026Updated 2 months ago
- Beacon Object File (BOF) for Windows Session Hijacking via IHxHelpPaneServer COM☆71Dec 25, 2025Updated 6 months ago
- Shellcode loader that executes embedded Lua from Rust.☆125Dec 16, 2024Updated last year
- Rusty DoublePulsar - Cobalt Strike User-Defined Reflective Loader (UDRL) in Rust (Codename: DoublePulsar)☆113May 14, 2026Updated 2 months ago
- Simple, predictable pricing with DigitalOcean hosting • AdAlways know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
- ☆86Apr 8, 2026Updated 3 months ago
- Stealthy .NET assembly loading using AssemblyNative::LoadFromBuffer☆58Mar 22, 2026Updated 3 months ago
- A powerful, modular, lightweight and efficient command & control framework written in Nim.☆223Nov 3, 2025Updated 8 months ago
- y4er的ysoserial修改版,加入mysql不出网pipe文件生成☆28Updated this week
- Rusty Armory - Beacon Object Files (BOFs) in Rust (Codename: Armory)☆69Apr 3, 2026Updated 3 months ago
- Windows Thread Pool Injection Havoc Implementation☆35Mar 23, 2024Updated 2 years ago
- SharpExShell automates the DCOM lateral movment technique which abuses ActivateMicrosoftApp method of Excel application.☆74May 1, 2024Updated 2 years ago
- Automated BYOVD driver analysis: import scanning, IOCTL dispatch extraction, Speakeasy emulation☆82Jul 2, 2026Updated last week
- psexec-like remote execution using the paexec wire protocol that supports paexec and remoteexecm2 from manageengine adselfservice plus☆43Mar 24, 2026Updated 3 months ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- SAM Dumping in C#☆55Nov 27, 2025Updated 7 months ago
- BOF POC of the DSCourier project / invoking WinGet via COM☆90Apr 23, 2026Updated 2 months ago
- Azure apim mini proxy☆61May 18, 2026Updated last month
- Async BOF to automatically extract or renew Kerberos TGTs on a target system.☆134Updated this week
- BOF to terminate a process via PID as argument☆28Sep 7, 2025Updated 10 months ago
- A stealthier approach to WMI-based command execution using Impacket without touching the disk.☆85Mar 15, 2026Updated 3 months ago
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly☆66Mar 19, 2024Updated 2 years ago
- A Cobalt Strike BOF implementation of the SilentHarvest registry dumping technique☆182Apr 14, 2026Updated 3 months ago
- Cobalt Strike BOF for beacon/shellcode injection using fork & run technique with Draugr synthetic stack frames☆156Nov 23, 2025Updated 7 months ago
- AI Agents on DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- Fast Windows post-exploitation wins after initial access.☆29Jan 28, 2026Updated 5 months ago
- Extract the SAM and SYSTEM hives using the Volume Shadow Copy (VSS) API. With exfiltration and XOR obfuscation options. Implemented in C#…☆370Feb 2, 2026Updated 5 months ago
- Dump Kerberos tickets from the KCM database of SSSD☆59Dec 31, 2025Updated 6 months ago
- An executable that simplifies adding the msds-AllowedToActOnBehalfOfOtherIdentity attribute for RBCD☆50Mar 10, 2025Updated last year
- ☆12Jul 2, 2023Updated 3 years ago
- Combining KslDump and GhostKatz to dump LSASS using no-fix KslD.sys memory read to bypass PPL. Extracts MSV1_0 NT hashes and WDigest clea…☆73Mar 25, 2026Updated 3 months ago
- CVE-2025-59501 POC code☆25Nov 20, 2025Updated 7 months ago