FalconForceTeam/SysWhispers2BOF external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

FalconForceTeam/SysWhispers2BOF

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/FalconForceTeam/SysWhispers2BOF)

Close

FalconForceTeam / SysWhispers2BOFView on GitHubMore

• External links
• Readme badge

Script to use SysWhispers2 direct system calls from Cobalt Strike BOFs

☆125May 24, 2022Updated 3 years ago

Alternatives and similar repositories for SysWhispers2BOF

Users that are interested in SysWhispers2BOF are comparing it to the libraries listed below

• guervild / BOFs

  View on GitHub
  Cobalt Strike Beacon Object Files
  ☆167May 2, 2022Updated 3 years ago
• outflanknl / InlineWhispers

  View on GitHub
  Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)
  ☆321Nov 9, 2021Updated 4 years ago
• Octoberfest7 / JumpSession_BOF

  View on GitHub
  Beacon Object File allowing creation of Beacons in different sessions.
  ☆83May 23, 2022Updated 3 years ago
• apokryptein / secinject

  View on GitHub
  Section Mapping Process Injection (secinject): Cobalt Strike BOF
  ☆102Jan 7, 2022Updated 4 years ago
• Sh0ckFR / InlineWhispers2

  View on GitHub
  Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2
  ☆187Jul 21, 2022Updated 3 years ago
• rsmudge / unhook-bof

  View on GitHub
  Remove API hooks from a Beacon process.
  ☆282Sep 18, 2021Updated 4 years ago
• kyleavery / inject-assembly

  View on GitHub
  Inject .NET assemblies into an existing process
  ☆508Jan 19, 2022Updated 4 years ago
• outflanknl / FindObjects-BOF

  View on GitHub
  A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or pro…
  ☆275May 3, 2023Updated 2 years ago
• ajpc500 / BOFs

  View on GitHub
  Collection of Beacon Object Files
  ☆633Nov 1, 2022Updated 3 years ago
• boku7 / halosgate-ps

  View on GitHub
  Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes
  ☆108Mar 8, 2023Updated 2 years ago
• boku7 / spawn

  View on GitHub
  Cobalt Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes payload. Built to evade EDR/UserLand hooks b…
  ☆470Mar 8, 2023Updated 2 years ago
• anthemtotheego / CredBandit

  View on GitHub
  Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that b…
  ☆219Jul 14, 2021Updated 4 years ago
• boku7 / HellsGatePPID

  View on GitHub
  Assembly HellGate implementation that directly calls Windows System Calls and displays the PPID of the explorer.exe process
  ☆107Mar 8, 2023Updated 2 years ago
• rookuu / BOFs

  View on GitHub
  Collection of beacon object files for use with Cobalt Strike to facilitate 🐚.
  ☆185Feb 11, 2021Updated 5 years ago
• EspressoCake / BeaconDownloadSync

  View on GitHub
  ☆94May 14, 2022Updated 3 years ago
• netero1010 / Quser-BOF

  View on GitHub
  Cobalt Strike BOF for quser.exe implementation using Windows API
  ☆87Mar 22, 2023Updated 2 years ago
• outflanknl / WdToggle

  View on GitHub
  A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.
  ☆220May 3, 2023Updated 2 years ago
• Octoberfest7 / KDStab

  View on GitHub
  BOF combination of KillDefender and Backstab
  ☆167Mar 23, 2023Updated 2 years ago
• EspressoCake / PPLDump_BOF

  View on GitHub
  A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.
  ☆143Sep 24, 2021Updated 4 years ago
• S4ntiagoP / freeBokuLoader

  View on GitHub
  A simple BOF that frees UDRLs
  ☆122May 29, 2022Updated 3 years ago
• boku7 / whereami

  View on GitHub
  Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL…
  ☆183Mar 13, 2023Updated 2 years ago
• Henkru / cs-token-vault

  View on GitHub
  In-memory token vault BOF for Cobalt Strike
  ☆149Aug 18, 2022Updated 3 years ago
• EspressoCake / Toggle_Token_Privileges_BOF

  View on GitHub
  Syscall BOF to arbitrarily add/detract process token privilege rights.
  ☆61Jul 10, 2024Updated last year
• EspressoCake / DLL-Hijack-Search-Order-BOF

  View on GitHub
  DLL Hijack Search Order Enumeration BOF
  ☆149Nov 3, 2021Updated 4 years ago
• Yaxser / CobaltStrike-BOF

  View on GitHub
  Collection of beacon BOF written to learn windows and cobaltstrike
  ☆362Feb 24, 2023Updated 3 years ago
• mgeeky / ElusiveMice

  View on GitHub
  Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind
  ☆482Jul 12, 2023Updated 2 years ago
• EncodeGroup / BOF-RegSave

  View on GitHub
  Dumping SAM / SECURITY / SYSTEM registry hives with a Beacon Object File
  ☆216Oct 8, 2020Updated 5 years ago
• CCob / BOF.NET

  View on GitHub
  A .NET Runtime for Cobalt Strike's Beacon Object Files
  ☆771Sep 4, 2024Updated last year
• NVISOsecurity / CobaltWhispers

  View on GitHub
  CobaltWhispers is an aggressor script that utilizes a collection of Beacon Object Files (BOF) for Cobalt Strike to perform process inject…
  ☆243Jan 4, 2023Updated 3 years ago
• crypt0p3g / bof-collection

  View on GitHub
  Collection of Beacon Object Files (BOF) for Cobalt Strike
  ☆186Dec 5, 2022Updated 3 years ago
• securifybv / Visual-Studio-BOF-template

  View on GitHub
  A Visual Studio template used to create Cobalt Strike BOFs
  ☆323Nov 17, 2021Updated 4 years ago
• connormcgarr / cThreadHijack

  View on GitHub
  Beacon Object File (BOF) for remote process injection via thread hijacking
  ☆220Jan 13, 2021Updated 5 years ago
• ChoiSG / UuidShellcodeExec

  View on GitHub
  PoC for UUID shellcode execution using DInvoke
  ☆155Mar 8, 2021Updated 4 years ago
• netero1010 / TrustedPath-UACBypass-BOF

  View on GitHub
  Cobalt Strike beacon object file implementation for trusted path UAC bypass. The target executable will be called without involving "cmd.…
  ☆146Aug 16, 2021Updated 4 years ago
• jsecu / CredManBOF

  View on GitHub
  ☆99Sep 20, 2021Updated 4 years ago
• netero1010 / ServiceMove-BOF

  View on GitHub
  New lateral movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution.
  ☆301Feb 23, 2022Updated 4 years ago
• trustedsec / COFFLoader

  View on GitHub
  ☆615Jul 21, 2025Updated 7 months ago
• alfarom256 / BOF-ForeignLsass

  View on GitHub
  ☆101Aug 23, 2021Updated 4 years ago
• EspressoCake / Self_Deletion_BOF

  View on GitHub
  BOF implementation of the research by @jonasLyk and the drafted PoC from @LloydLabs
  ☆187Oct 3, 2021Updated 4 years ago