CodeXTF2 / ScreenshotBOFLinks
An alternative screenshot capability for Cobalt Strike that uses WinAPI and does not perform a fork & run. Screenshot downloaded in memory.
☆427Updated last month
Alternatives and similar repositories for ScreenshotBOF
Users that are interested in ScreenshotBOF are comparing it to the libraries listed below
Sorting:
- UDRL for CS☆426Updated last year
- Abuse Impersonate Privilege from Service to SYSTEM like other potatoes do☆372Updated 2 years ago
- Quick python utility I wrote to turn HTTP requests from burp suite into Cobalt Strike Malleable C2 profiles☆388Updated 2 years ago
- Some Service DCOM Object and SeImpersonatePrivilege abuse.☆361Updated 2 years ago
- Credential Guard Bypass Via Patching Wdigest Memory☆329Updated 2 years ago
- A list of python tools to help create an OPSEC-safe Cobalt Strike profile.☆440Updated 2 weeks ago
- Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind☆460Updated last year
- COM Hijacking VOODOO☆298Updated 2 months ago
- not a reverse-engineered version of the Cobalt Strike Beacon☆363Updated last year
- A .NET XOR encrypted cobalt strike aggressor implementation for chisel to utilize faster proxy and advanced socks5 capabilities.☆454Updated last year
- A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk☆454Updated 11 months ago
- A beacon object file implementation of PoolParty Process Injection Technique.☆394Updated last year
- Cobalt Strike script for ScareCrow payloads intergration (EDR/AV evasion)☆465Updated 2 years ago
- Go shellcode loader that combines multiple evasion techniques☆370Updated last year
- Bypass EDR Hooks by patching NT API stub, and resolving SSNs and syscall instructions at runtime☆305Updated last year
- ☆333Updated 4 months ago
- PrintNotifyPotato☆523Updated 2 years ago
- Collection of Beacon Object Files (BOF) for Cobalt Strike☆607Updated 2 weeks ago
- UAC Bypass By Abusing Kerberos Tickets☆496Updated last year
- Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.☆301Updated 2 years ago
- Windows Token Stealing Expert☆473Updated last year
- Fileless atexec, no more need for port 445☆384Updated last year
- Terminate AV/EDR Processes using kernel driver☆344Updated last year
- Dumping LSASS with a duplicated handle from custom LSA plugin☆201Updated 3 years ago
- A Visual Studio template used to create Cobalt Strike BOFs☆308Updated 3 years ago
- GetProcAddressByHash/remap/full dll unhooking/Tartaru's Gate/Spoofing Gate/universal/Perun's Fart/Spoofing-Gate/EGG/RecycledGate/syswhisp…☆320Updated 8 months ago
- InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assem…☆671Updated last year
- CobaltStrike beacon in rust☆188Updated 9 months ago
- Local privilege escalation from SeImpersonatePrivilege using EfsRpc.☆323Updated 2 years ago
- A BOF to automate common persistence tasks for red teamers☆277Updated 2 years ago