Cobalt-Strike/unhook-bof external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

Cobalt-Strike/unhook-bof

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/Cobalt-Strike/unhook-bof)

Close

Cobalt-Strike / unhook-bofView on GitHubMore

• External links
• Readme badge

Remove API hooks from a Beacon process.

☆76Mar 13, 2022Updated 4 years ago

Alternatives and similar repositories for unhook-bof

Users that are interested in unhook-bof are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• Cobalt-Strike / ZeroLogon-BOF

  View on GitHub
  ☆12Sep 17, 2020Updated 5 years ago
• rsmudge / unhook-bof

  View on GitHub
  Remove API hooks from a Beacon process.
  ☆282Sep 18, 2021Updated 4 years ago
• EspressoCake / PPLDump_BOF

  View on GitHub
  A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.
  ☆143Sep 24, 2021Updated 4 years ago
• NVISOsecurity / cobalt-strike-notifier

  View on GitHub
  ☆13Jul 30, 2021Updated 4 years ago
• Cobalt-Strike / beacon_health_check

  View on GitHub
  This aggressor script uses a beacon's note field to indicate the health status of a beacon.
  ☆141Sep 29, 2021Updated 4 years ago
• Managed Kubernetes at scale on DigitalOcean • Ad
  DigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
• apokryptein / secinject

  View on GitHub
  Section Mapping Process Injection (secinject): Cobalt Strike BOF
  ☆103Jan 7, 2022Updated 4 years ago
• ceramicskate0 / BOF-Builder

  View on GitHub
  C# .Net 5.0 project to build BOF (Beacon Object Files) in mass
  ☆25Jul 25, 2023Updated 2 years ago
• EspressoCake / DLL_Imports_BOF

  View on GitHub
  A BOF to parse the imports of a provided PE-file, optionally extracting symbols on a per-dll basis.
  ☆86Oct 28, 2021Updated 4 years ago
• Cobalt-Strike / ElevateKit

  View on GitHub
  The Elevate Kit demonstrates how to use third-party privilege escalation attacks with Cobalt Strike's Beacon payload.
  ☆126Jun 22, 2020Updated 5 years ago
• EspressoCake / DLL-Exports-Extraction-BOF

  View on GitHub
  DLL Exports Extraction BOF with optional NTFS transactions.
  ☆90Nov 5, 2021Updated 4 years ago
• guervild / BOFs

  View on GitHub
  Cobalt Strike Beacon Object Files
  ☆167May 2, 2022Updated 3 years ago
• CCob / BOF.NET

  View on GitHub
  A .NET Runtime for Cobalt Strike's Beacon Object Files
  ☆772Sep 4, 2024Updated last year
• RiccardoAncarani / BOFs

  View on GitHub
  Collection of Beacon Object Files (BOFs) for shells and lols
  ☆122Sep 14, 2021Updated 4 years ago
• outflanknl / HelpColor

  View on GitHub
  Agressor script that lists available Cobalt Strike beacon commands and colors them based on their type
  ☆212Mar 18, 2024Updated 2 years ago
• Open source password manager - Proton Pass • Ad
  Securely store, share, and autofill your credentials with Proton Pass, the end-to-end encrypted password manager trusted by millions.
• tijme / kernel-mii

  View on GitHub
  Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.
  ☆85May 7, 2023Updated 2 years ago
• nick-frischkorn / SuspendEventLogBOF

  View on GitHub
  Beacon Object File to locate and suspend the threads hosting the Event Log service
  ☆29Jun 17, 2022Updated 3 years ago
• boku7 / halosgate-ps

  View on GitHub
  Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes
  ☆107Mar 8, 2023Updated 3 years ago
• SpecterOps / SCOMHound

  View on GitHub
  ☆38Dec 4, 2025Updated 3 months ago
• Flangvik / CobaltBus

  View on GitHub
  Cobalt Strike External C2 Integration With Azure Servicebus, C2 traffic via Azure Servicebus
  ☆246Feb 23, 2022Updated 4 years ago
• bashexplode / cs2webconfig

  View on GitHub
  Convert Cobalt Strike profiles to IIS web.config files
  ☆114Aug 23, 2021Updated 4 years ago
• jfmaes / DeepSleep

  View on GitHub
  all credits go to @mgeeky
  ☆65Oct 14, 2021Updated 4 years ago
• xforcered / Detect-Hooks

  View on GitHub
  Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR
  ☆102Jul 22, 2021Updated 4 years ago
• boku7 / injectEtwBypass

  View on GitHub
  CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)
  ☆300Sep 28, 2021Updated 4 years ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click and start building anything your business needs.
• S4ntiagoP / freeBokuLoader

  View on GitHub
  A simple BOF that frees UDRLs
  ☆122May 29, 2022Updated 3 years ago
• kyleavery / inject-assembly

  View on GitHub
  Inject .NET assemblies into an existing process
  ☆508Jan 19, 2022Updated 4 years ago
• 0xRedpoll / ludus_cobaltstrike_teamserver

  View on GitHub
  Ludus role for deploying a Cobalt Strike Teamserver onto Linux servers
  ☆18Mar 19, 2025Updated last year
• xenoscr / SharpMailBOF

  View on GitHub
  A BOF.NET program to split a file into smaller chunks and email it via a specified SMTP relay.
  ☆15Jun 24, 2021Updated 4 years ago
• FalconForceTeam / SysWhispers2BOF

  View on GitHub
  Script to use SysWhispers2 direct system calls from Cobalt Strike BOFs
  ☆125May 24, 2022Updated 3 years ago
• rasta-mouse / Rosplant

  View on GitHub
  ☆53Sep 16, 2021Updated 4 years ago
• passthehashbrowns / hook-integrity-checks

  View on GitHub
  ☆23May 28, 2021Updated 4 years ago
• tomcarver16 / BOF-DLL-Inject

  View on GitHub
  Manual Map DLL injection implemented with Cobalt Strike's Beacon Object Files.
  ☆152Sep 3, 2020Updated 5 years ago
• EspressoCake / DLL_Version_Enumeration_BOF

  View on GitHub
  A BOF for enumerating version information for DLLs associated for a Beacon process.
  ☆16Nov 23, 2021Updated 4 years ago
• NordVPN Special Discount Offer • Ad
  Save on top-rated NordVPN 1 or 2-year plans with secure browsing, privacy protection, and support for for all major platforms.
• boku7 / xPipe

  View on GitHub
  Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions
  ☆95Mar 8, 2023Updated 3 years ago
• cybersectroll / SharpPersistSD

  View on GitHub
  ☆91May 15, 2024Updated last year
• boku7 / spawn

  View on GitHub
  Cobalt Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes payload. Built to evade EDR/UserLand hooks b…
  ☆469Mar 8, 2023Updated 3 years ago
• OG-Sadpanda / SharpSword

  View on GitHub
  Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly
  ☆117Sep 30, 2024Updated last year
• N4kedTurtle / SharpTeamsDump

  View on GitHub
  Dump Teams conversations
  ☆18Jun 9, 2021Updated 4 years ago
• Cobalt-Strike / sleep_python_bridge

  View on GitHub
  This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python withou…
  ☆187Aug 3, 2025Updated 7 months ago
• xforcered / xPipe

  View on GitHub
  Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions
  ☆53Dec 21, 2021Updated 4 years ago