CodeXTF2/ScreenshotBOF external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

CodeXTF2/ScreenshotBOF

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/CodeXTF2/ScreenshotBOF)

Close

CodeXTF2 / ScreenshotBOFView on GitHubMore

• External links
• Readme badge

An alternative screenshot capability for Cobalt Strike that uses WinAPI and does not perform a fork & run. Screenshot downloaded in memory.

☆490Dec 7, 2025Updated 2 months ago

Alternatives and similar repositories for ScreenshotBOF

Users that are interested in ScreenshotBOF are comparing it to the libraries listed below

• REDMED-X / OperatorsKit

  View on GitHub
  Collection of Beacon Object Files (BOF) for Cobalt Strike
  ☆672Aug 15, 2025Updated 6 months ago
• kyleavery / AceLdr

  View on GitHub
  Cobalt Strike UDRL for memory scanner evasion.
  ☆1,006Jun 4, 2024Updated last year
• trustedsec / CS-Remote-OPs-BOF

  View on GitHub
  Remote operations commands implemented using Beacon Object Files
  ☆1,120Updated this week
• Octoberfest7 / DropSpawn_BOF

  View on GitHub
  CobaltStrike BOF to spawn Beacons using DLL Application Directory Hijacking
  ☆285Jun 8, 2023Updated 2 years ago
• Octoberfest7 / Inline-Execute-PE

  View on GitHub
  Execute unmanaged Windows executables in CobaltStrike Beacons
  ☆714Mar 4, 2023Updated 2 years ago
• boku7 / BokuLoader

  View on GitHub
  A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!
  ☆1,400Nov 22, 2023Updated 2 years ago
• anthemtotheego / InlineExecute-Assembly

  View on GitHub
  InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assem…
  ☆740Jul 22, 2023Updated 2 years ago
• CCob / BOF.NET

  View on GitHub
  A .NET Runtime for Cobalt Strike's Beacon Object Files
  ☆771Sep 4, 2024Updated last year
• EspressoCake / Defender_Exclusions-BOF

  View on GitHub
  A BOF to determine Windows Defender exclusions.
  ☆253Jun 25, 2023Updated 2 years ago
• Henkru / cs-token-vault

  View on GitHub
  In-memory token vault BOF for Cobalt Strike
  ☆149Aug 18, 2022Updated 3 years ago
• N7WEra / BofAllTheThings

  View on GitHub
  Creating a repository with all public Beacon Object Files (BoFs)
  ☆576Aug 30, 2023Updated 2 years ago
• iilegacyyii / ThreadlessInject-BOF

  View on GitHub
  BOF implementation of @_EthicalChaos_'s ThreadlessInject project. A novel process injection technique with no thread creation, released a…
  ☆394Jan 9, 2024Updated 2 years ago
• trustedsec / CS-Situational-Awareness-BOF

  View on GitHub
  Situational Awareness commands implemented using Beacon Object Files
  ☆1,722Updated this week
• WKL-Sec / HiddenDesktop

  View on GitHub
  HVNC for Cobalt Strike
  ☆1,298Dec 7, 2023Updated 2 years ago
• Octoberfest7 / MemFiles

  View on GitHub
  A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk
  ☆473Jul 6, 2024Updated last year
• 0xEr3bus / PoolPartyBof

  View on GitHub
  A beacon object file implementation of PoolParty Process Injection Technique.
  ☆433Dec 21, 2023Updated 2 years ago
• fortra / No-Consolation

  View on GitHub
  A BOF that runs unmanaged PEs inline
  ☆680Oct 23, 2024Updated last year
• Octoberfest7 / CVE-2023-36874_BOF

  View on GitHub
  Weaponized CobaltStrike BOF for CVE-2023-36874 Windows Error Reporting LPE
  ☆205Aug 25, 2023Updated 2 years ago
• baiyies / ScreenshotBOFPlus

  View on GitHub
  Take a screenshot without injection for Cobalt Strike
  ☆203Jun 7, 2023Updated 2 years ago
• mgeeky / ElusiveMice

  View on GitHub
  Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind
  ☆482Jul 12, 2023Updated 2 years ago
• N4kedTurtle / PersistBOF

  View on GitHub
  A BOF to automate common persistence tasks for red teamers
  ☆292Mar 7, 2023Updated 2 years ago
• outflanknl / C2-Tool-Collection

  View on GitHub
  A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techni…
  ☆1,367Oct 27, 2023Updated 2 years ago
• CodeXTF2 / WebcamBOF

  View on GitHub
  Webcam capture capability for Cobalt Strike as a BOF, with in-memory download options
  ☆157Mar 26, 2025Updated 11 months ago
• mdsecactivebreach / DragonCastle

  View on GitHub
  A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process.
  ☆301Oct 26, 2022Updated 3 years ago
• Mr-Un1k0d3r / Elevate-System-Trusted-BOF

  View on GitHub
  ☆162Mar 27, 2023Updated 2 years ago
• netero1010 / RDPHijack-BOF

  View on GitHub
  Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.
  ☆312Jul 8, 2022Updated 3 years ago
• rsmudge / unhook-bof

  View on GitHub
  Remove API hooks from a Beacon process.
  ☆282Sep 18, 2021Updated 4 years ago
• CodeXTF2 / Burp2Malleable

  View on GitHub
  Quick python utility I wrote to turn HTTP requests from burp suite into Cobalt Strike Malleable C2 profiles
  ☆418Apr 6, 2023Updated 2 years ago
• mlcsec / ASRenum-BOF

  View on GitHub
  Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules, actions, and exclusion locations
  ☆160Mar 1, 2024Updated last year
• Cracked5pider / CoffeeLdr

  View on GitHub
  Beacon Object File Loader
  ☆293Dec 3, 2023Updated 2 years ago
• rvrsh3ll / BOF_Collection

  View on GitHub
  Various Cobalt Strike BOFs
  ☆743Oct 16, 2022Updated 3 years ago
• Mr-Un1k0d3r / Cookie-and-Handle-Stealer

  View on GitHub
  C or BOF file to extract WebKit master key to decrypt user cookie
  ☆207Apr 29, 2024Updated last year
• Tw1sm / SQL-BOF

  View on GitHub
  Library of BOFs to interact with SQL servers
  ☆223Dec 3, 2025Updated 2 months ago
• xforcered / BOFMask

  View on GitHub
  ☆129Jun 28, 2023Updated 2 years ago
• wavvs / nanorobeus

  View on GitHub
  COFF file (BOF) for managing Kerberos tickets.
  ☆320Jul 2, 2023Updated 2 years ago
• FalconForceTeam / BOF2shellcode

  View on GitHub
  POC tool to convert CobaltStrike BOF files to raw shellcode
  ☆220Nov 5, 2021Updated 4 years ago
• m3rcer / Chisel-Strike

  View on GitHub
  A .NET XOR encrypted cobalt strike aggressor implementation for chisel to utilize faster proxy and advanced socks5 capabilities.
  ☆459Mar 25, 2024Updated last year
• RalfHacker / Kerbeus-BOF

  View on GitHub
  BOF for Kerberos abuse (an implementation of some important features of the Rubeus).
  ☆546Nov 23, 2025Updated 3 months ago
• CodeXTF2 / WindowSpy

  View on GitHub
  WindowSpy is a Cobalt Strike Beacon Object File meant for automated and targeted user surveillance.
  ☆281Feb 24, 2025Updated last year