Cobalt-Strike/bof-vs

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/Cobalt-Strike/bof-vs)

Cobalt-Strike / bof-vs

A Beacon Object File (BOF) template for Visual Studio

☆271

Alternatives and similar repositories for bof-vs

Users that are interested in bof-vs are comparing it to the libraries listed below

Sorting:

Cobalt-Strike / sleepmask-vs
View on GitHub
A simple Sleepmask BOF example
☆169Nov 24, 2025Updated 3 months ago
Cobalt-Strike / bof_template
View on GitHub
A Beacon Object File (BOF) is a compiled C program, written to a convention that allows it to execute within a Beacon process and use int…
☆252Nov 24, 2025Updated 3 months ago
fortra / No-Consolation
View on GitHub
A BOF that runs unmanaged PEs inline
☆682Oct 23, 2024Updated last year
Cobalt-Strike / callback_examples
View on GitHub
This contains a number of examples demonstrating how to use callback functions in supported aggressor script functions
☆38Mar 17, 2025Updated 11 months ago
0xEr3bus / PoolPartyBof
View on GitHub
A beacon object file implementation of PoolParty Process Injection Technique.
☆435Dec 21, 2023Updated 2 years ago
anthemtotheego / InlineExecute-Assembly
View on GitHub
InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assem…
☆741Jul 22, 2023Updated 2 years ago
WKL-Sec / Malleable-CS-Profiles
View on GitHub
A list of python tools to help create an OPSEC-safe Cobalt Strike profile.
☆510May 19, 2025Updated 9 months ago
EricEsquivel / Inline-EA
View on GitHub
Cobalt Strike BOF for evasive .NET assembly execution
☆308Mar 31, 2025Updated 11 months ago
trustedsec / CS-Situational-Awareness-BOF
View on GitHub
Situational Awareness commands implemented using Beacon Object Files
☆1,728Feb 23, 2026Updated 2 weeks ago
baiyies / ScreenshotBOFPlus
View on GitHub
Take a screenshot without injection for Cobalt Strike
☆203Jun 7, 2023Updated 2 years ago
evilashz / Visual-Studio-BOF-template
View on GitHub
more conveniently Visual-Studio-BOF-template
☆75Sep 12, 2023Updated 2 years ago
rasta-mouse / PPEnum
View on GitHub
Simple BOF to read the protection level of a process
☆118May 10, 2023Updated 2 years ago
Tw1sm / SQL-BOF
View on GitHub
Library of BOFs to interact with SQL servers
☆223Dec 3, 2025Updated 3 months ago
trustedsec / CS-Remote-OPs-BOF
View on GitHub
Remote operations commands implemented using Beacon Object Files
☆1,120Feb 23, 2026Updated 2 weeks ago
REDMED-X / OperatorsKit
View on GitHub
Collection of Beacon Object Files (BOF) for Cobalt Strike
☆677Aug 15, 2025Updated 6 months ago
Octoberfest7 / CVE-2023-36874_BOF
View on GitHub
Weaponized CobaltStrike BOF for CVE-2023-36874 Windows Error Reporting LPE
☆205Aug 25, 2023Updated 2 years ago
xforcered / BOFMask
View on GitHub
☆128Jun 28, 2023Updated 2 years ago
icyguider / UAC-BOF-Bonanza
View on GitHub
Collection of UAC Bypass Techniques Weaponized as BOFs
☆609Feb 21, 2024Updated 2 years ago
VoldeSec / PatchlessInlineExecute-Assembly
View on GitHub
Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.
☆276Apr 17, 2023Updated 2 years ago
CCob / BOF.NET
View on GitHub
A .NET Runtime for Cobalt Strike's Beacon Object Files
☆772Sep 4, 2024Updated last year
RalfHacker / Kerbeus-BOF
View on GitHub
BOF for Kerberos abuse (an implementation of some important features of the Rubeus).
☆549Nov 23, 2025Updated 3 months ago
VoldeSec / PatchlessCLRLoader
View on GitHub
.NET assembly loader with patchless AMSI and ETW bypass
☆370Apr 19, 2023Updated 2 years ago
FalconForceTeam / BOF2shellcode
View on GitHub
POC tool to convert CobaltStrike BOF files to raw shellcode
☆220Nov 5, 2021Updated 4 years ago
N7WEra / BofAllTheThings
View on GitHub
Creating a repository with all public Beacon Object Files (BoFs)
☆601Mar 2, 2026Updated last week
mertdas / PrivKit
View on GitHub
PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.
☆569Jan 20, 2026Updated last month
passthehashbrowns / BOFMask
View on GitHub
☆125Jun 28, 2023Updated 2 years ago
EvanMcBroom / perfect-loader
View on GitHub
Load a dynamic library from memory by modifying the native Windows loader
☆286Jun 18, 2025Updated 8 months ago
CICADA8-Research / TypeLibWalker
View on GitHub
TypeLib persistence technique
☆140Oct 22, 2024Updated last year
NtDallas / KrakenMask
View on GitHub
Sleep obfuscation
☆270Dec 13, 2024Updated last year
rvrsh3ll / BOF_Collection
View on GitHub
Various Cobalt Strike BOFs
☆744Oct 16, 2022Updated 3 years ago
iilegacyyii / DataInject-BOF
View on GitHub
Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll
☆145Apr 18, 2025Updated 10 months ago
Cracked5pider / kaine-assembly
View on GitHub
a demo module for the kaine agent to execute and inject assembly modules
☆41Aug 28, 2024Updated last year
ipSlav / DirtyCLR
View on GitHub
An App Domain Manager Injection DLL PoC on steroids
☆212Dec 14, 2023Updated 2 years ago
ewby / Mockingjay_BOF
View on GitHub
Cobalt Strike + Brute Ratel C4 Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique
☆158Nov 7, 2023Updated 2 years ago
kyleavery / AceLdr
View on GitHub
Cobalt Strike UDRL for memory scanner evasion.
☆1,006Jun 4, 2024Updated last year
Cracked5pider / earlycascade-injection
View on GitHub
early cascade injection PoC based on Outflanks blog post
☆237Nov 7, 2024Updated last year
trustedsec / CS_COFFLoader
View on GitHub
☆132Dec 4, 2023Updated 2 years ago
CodeXTF2 / WebcamBOF
View on GitHub
Webcam capture capability for Cobalt Strike as a BOF, with in-memory download options
☆158Mar 26, 2025Updated 11 months ago
CodeXTF2 / ScreenshotBOF
View on GitHub
An alternative screenshot capability for Cobalt Strike that uses WinAPI and does not perform a fork & run. Screenshot downloaded in memor…
☆490Dec 7, 2025Updated 3 months ago