Alternatives and similar repositories for ZenLdr

Users that are interested in ZenLdr are comparing it to the libraries listed below

• NVISOsecurity / CobaltWhispers

  View on GitHub
  CobaltWhispers is an aggressor script that utilizes a collection of Beacon Object Files (BOF) for Cobalt Strike to perform process inject…
  ☆243Jan 4, 2023Updated 3 years ago
• yamakadi / ldr

  View on GitHub
  A work in progress BOF/COFF loader in Rust
  ☆50Mar 22, 2023Updated 2 years ago
• susMdT / effective-waffle

  View on GitHub
  yet another sleep encryption thing. also used the default github repo name for this one.
  ☆69May 11, 2023Updated 2 years ago
• VoldeSec / PatchlessCLRLoader

  View on GitHub
  .NET assembly loader with patchless AMSI and ETW bypass
  ☆366Apr 19, 2023Updated 2 years ago
• iilegacyyii / ThreadlessInject-BOF

  View on GitHub
  BOF implementation of @_EthicalChaos_'s ThreadlessInject project. A novel process injection technique with no thread creation, released a…
  ☆394Jan 9, 2024Updated 2 years ago
• memN0ps / venom-rs

  View on GitHub
  Rusty Injection - Shellcode Reflective DLL Injection (sRDI) in Rust (Codename: Venom)
  ☆360Mar 2, 2024Updated last year
• codewhitesec / Lastenzug

  View on GitHub
  Socks4a proxy leveraging PIC, Websockets and static obfuscation on assembly level
  ☆235Oct 18, 2022Updated 3 years ago
• snovvcrash / BOFs

  View on GitHub
  Beacon Object Files (not Buffer Overflows)
  ☆58Mar 6, 2023Updated 2 years ago
• janoglezcampos / c_syscalls

  View on GitHub
  Single stub direct and indirect syscalling with runtime SSN resolving for windows.
  ☆138Sep 12, 2022Updated 3 years ago
• jsecu / BOF-pack-1

  View on GitHub
  A care package of useful bofs for red team engagments
  ☆55Dec 6, 2024Updated last year
• 0xEr3bus / PoolPartyBof

  View on GitHub
  A beacon object file implementation of PoolParty Process Injection Technique.
  ☆432Dec 21, 2023Updated 2 years ago
• ScriptIdiot / sleepmask_ekko_cfg

  View on GitHub
  Code snippets to add on top of cobalt strike sleepmask kit so that ekko can work in a CFG protected process
  ☆49Mar 15, 2023Updated 2 years ago
• Mr-Un1k0d3r / Elevate-System-Trusted-BOF

  View on GitHub
  ☆161Mar 27, 2023Updated 2 years ago
• nettitude / RunOF

  View on GitHub
  ☆152Jan 6, 2023Updated 3 years ago
• RistBS / ContextMenuHijack

  View on GitHub
  Execute a payload at each right click on a file/folder in the explorer menu for persistence
  ☆176Mar 15, 2023Updated 2 years ago
• MrAle98 / BOF-RunPE

  View on GitHub
  ☆57Apr 19, 2023Updated 2 years ago
• REDMED-X / OperatorsKit

  View on GitHub
  Collection of Beacon Object Files (BOF) for Cobalt Strike
  ☆671Aug 15, 2025Updated 5 months ago
• Octoberfest7 / MemFiles

  View on GitHub
  A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk
  ☆474Jul 6, 2024Updated last year
• kyleavery / AceLdr

  View on GitHub
  Cobalt Strike UDRL for memory scanner evasion.
  ☆1,004Jun 4, 2024Updated last year
• Yaxser / COFFLoader2

  View on GitHub
  Load and execute COFF files and Cobalt Strike BOFs in-memory
  ☆226Sep 13, 2022Updated 3 years ago
• zimnyaa / stoplooking

  View on GitHub
  A simple BOF that disables some logging with NtSetInformationProcess
  ☆13Oct 13, 2023Updated 2 years ago
• VoldeSec / PatchlessInlineExecute-Assembly

  View on GitHub
  Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.
  ☆271Apr 17, 2023Updated 2 years ago
• mr-r3bot / bof-modules

  View on GitHub
  BOF for C2 framework
  ☆44Nov 9, 2024Updated last year
• 0x00Check / ExploitLeakedHandle

  View on GitHub
  Identify and exploit leaked handles for local privilege escalation.
  ☆111Jun 19, 2023Updated 2 years ago
• Cobalt-Strike / CallStackMasker

  View on GitHub
  A PoC implementation for dynamically masking call stacks with timers.
  ☆310Feb 13, 2023Updated 3 years ago
• Henkru / cs-token-vault

  View on GitHub
  In-memory token vault BOF for Cobalt Strike
  ☆149Aug 18, 2022Updated 3 years ago
• WKL-Sec / StackMask

  View on GitHub
  A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles.
  ☆66May 2, 2023Updated 2 years ago
• ScriptIdiot / sleepmask_PatchlessHook

  View on GitHub
  Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW
  ☆86Mar 19, 2023Updated 2 years ago
• alfarom256 / StinkyLoader

  View on GitHub
  It stinks
  ☆105Apr 22, 2022Updated 3 years ago
• passthehashbrowns / BOFMask

  View on GitHub
  ☆126Jun 28, 2023Updated 2 years ago
• wavvs / nanorobeus

  View on GitHub
  COFF file (BOF) for managing Kerberos tickets.
  ☆321Jul 2, 2023Updated 2 years ago
• x0reaxeax / PageSplit

  View on GitHub
  Splitting and executing shellcode across multiple pages
  ☆103Jun 8, 2023Updated 2 years ago
• zimnyaa / noWatch

  View on GitHub
  Implant drop-in for EDR testing
  ☆147Nov 15, 2023Updated 2 years ago
• ewby / Mockingjay_BOF

  View on GitHub
  Cobalt Strike + Brute Ratel C4 Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique
  ☆158Nov 7, 2023Updated 2 years ago
• REDMED-X / InjectKit

  View on GitHub
  Modified versions of the Cobalt Strike Process Injection Kit
  ☆105Jan 24, 2024Updated 2 years ago
• paranoidninja / Proxy-DLL-Loads

  View on GitHub
  The code is a pingback to the Dark Vortex blog:
  ☆187Jan 26, 2023Updated 3 years ago
• yamakadi / clroxide

  View on GitHub
  A rust library that allows you to host the CLR and execute dotnet binaries.
  ☆235Mar 12, 2025Updated 11 months ago
• boku7 / whereami

  View on GitHub
  Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL…
  ☆183Mar 13, 2023Updated 2 years ago
• EvanMcBroom / perfect-loader

  View on GitHub
  Load a dynamic library from memory by modifying the native Windows loader
  ☆282Jun 18, 2025Updated 7 months ago