One WSL BOF to rule them all
☆177Jan 14, 2026Updated 5 months ago
Alternatives and similar repositories for the-one-wsl-bof
Users that are interested in the-one-wsl-bof are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- ☆189Oct 21, 2025Updated 7 months ago
- Self-cleaning in-memory PICO loader for Crystal Palace. Automatically erases traces and operates entirely in memory for stealthy payload …☆54Nov 2, 2025Updated 7 months ago
- Atomic test units for BOF execution☆57Apr 26, 2026Updated last month
- Azure apim mini proxy☆60May 18, 2026Updated last month
- Async BOF implementation of 'Rubeus monitor' to detect and automatically extract Kerberos TGTs as they appear on a target system.☆122Jun 10, 2026Updated last week
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- Minimal Windows Service Template for demonstrating privilege escalation via weak service executable permissions☆14Nov 13, 2022Updated 3 years ago
- List web account manager (WAM) accounts added to the current profile☆26Dec 11, 2025Updated 6 months ago
- ☆37Nov 8, 2024Updated last year
- BOF for Havoc that copies locked Windows files (SAM, SYSTEM, NTDS.dit) via raw MFT parsing — no VSS, no Registry APIs, no PowerShell☆132Apr 6, 2026Updated 2 months ago
- Proof of concept for Kerberos Armoring abuse.☆85Dec 12, 2025Updated 6 months ago
- Bof of RegPwn by MDSec☆124Mar 15, 2026Updated 3 months ago
- A BOF that's a BOF Loader and more☆208Apr 6, 2026Updated 2 months ago
- A Beacon Object File suite for Microsoft SQL Server that speaks TDS 7.4 on the wire itself☆97Apr 9, 2026Updated 2 months ago
- Dump protected process memory by using BYOVD to tamper with handle objects in the kernel.☆42Aug 5, 2025Updated 10 months ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- Lab research on Windows loader internals, PE loading, stack artifacts, and execution tradeoffs.☆236May 4, 2026Updated last month
- Shellcode capable of bypassing EAF / IAF mitigations☆30Apr 11, 2023Updated 3 years ago
- A portable C# utility for enumerating local and remote windows sessions☆57Jan 1, 2026Updated 5 months ago
- Implant drop-in for EDR testing☆147Nov 15, 2023Updated 2 years ago
- Manage Shadows Copies via the VSS API using C#, C++, Crystal or Python. Working on Windows 11☆86Jan 26, 2026Updated 4 months ago
- Exploitation of CVE-2025-29969☆66Feb 20, 2026Updated 3 months ago
- Cobalt Strike BOF for beacon/shellcode injection using fork & run technique with Draugr synthetic stack frames☆154Nov 23, 2025Updated 6 months ago
- a minimalistic winrm client written in python☆47Apr 17, 2026Updated 2 months ago
- Updated version of a long known self deletion technique to work with 24H2.☆62Jun 9, 2025Updated last year
- End-to-end encrypted email - Proton Mail • AdSpecial offer: 40% Off Yearly / 80% Off First Month. All Proton services are open source and independently audited for security.
- A Beacon Object File (BOF) that talks directly to Windows authentication packages through the LSA untrusted/trusted client interface, wit…☆296Feb 21, 2026Updated 3 months ago
- ExportHider: Generating Export Table during Runtime to Hide the Exported Functions from the DLL File.☆33Apr 12, 2026Updated 2 months ago
- Ludus role for deploying a Cobalt Strike Teamserver onto Linux servers☆19Mar 19, 2025Updated last year
- Boilerplate to develop raw and truly Position Independent Code (PIC).☆117Jan 20, 2025Updated last year
- Beacon Debugger☆56Oct 28, 2024Updated last year
- ☆140Nov 17, 2025Updated 7 months ago
- Bypass user-land hooks by syscall tampering via the Trap Flag☆140Aug 25, 2025Updated 9 months ago
- Creating a repository with all public Beacon Object Files (BoFs)☆642Mar 2, 2026Updated 3 months ago
- ForsHops☆154Mar 25, 2025Updated last year
- Proton VPN Special Offer - Get 70% off • AdSpecial partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
- ☆127Sep 1, 2024Updated last year
- An ICMP channel for Beacons, implemented using Cobalt Strike’s External C2 framework.☆121Oct 6, 2025Updated 8 months ago
- Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.☆134Oct 4, 2024Updated last year
- Windows User-Mode Shellcode Development Framework (WUMSDF)☆143Nov 17, 2025Updated 7 months ago
- Implementing Ghostly-Hollowing using tampered syscalls for remote PE injection☆74Dec 26, 2025Updated 5 months ago
- Port of Cobalt Strike's Process Inject Kit☆194Dec 1, 2024Updated last year
- UDC2 implementation that provides an ICMP C2 channel☆123Nov 24, 2025Updated 6 months ago