Alternatives and similar repositories for the-one-wsl-bof

Users that are interested in the-one-wsl-bof are comparing it to the libraries listed below

• mandiant / cleanldap

  View on GitHub
  ☆164Oct 21, 2025Updated 3 months ago
• 0xTriboulet / InlineExecuteEx

  View on GitHub
  A BOF that's a BOF Loader and more
  ☆196Jan 17, 2026Updated 3 weeks ago
• monsieurPale / BreakFAST

  View on GitHub
  Proof of concept for Kerberos Armoring abuse.
  ☆78Dec 12, 2025Updated 2 months ago
• MaangoTaachyon / SelfDeletion-Updated

  View on GitHub
  Updated version of a long known self deletion technique to work with 24H2.
  ☆61Jun 9, 2025Updated 8 months ago
• draktuls / IAF-EAF-Shellcode-bypass-PoC

  View on GitHub
  Shellcode capable of bypassing EAF / IAF mitigations
  ☆28Apr 11, 2023Updated 2 years ago
• tothi / malicious-service

  View on GitHub
  Minimal Windows Service Template for demonstrating privilege escalation via weak service executable permissions
  ☆14Nov 13, 2022Updated 3 years ago
• maxDcb / DreamWalkers

  View on GitHub
  Reflective shellcode loaderwith advanced call stack spoofing and .NET support.
  ☆225Sep 19, 2025Updated 4 months ago
• whokilleddb / hoontr

  View on GitHub
  A hoontr must hoont
  ☆102Nov 27, 2025Updated 2 months ago
• casp3r0x0 / CallWindowProcW-ShellcodeLoader

  View on GitHub
  ☆18Sep 1, 2025Updated 5 months ago
• xforcered / ForsHops

  View on GitHub
  ForsHops
  ☆152Mar 25, 2025Updated 10 months ago
• NtDallas / BOF_Spawn

  View on GitHub
  Cobalt Strike BOF for beacon/shellcode injection using fork & run technique with Draugr synthetic stack frames
  ☆150Nov 23, 2025Updated 2 months ago
• winterknife / SILVERPICK

  View on GitHub
  Windows User-Mode Shellcode Development Framework (WUMSDF)
  ☆123Nov 17, 2025Updated 2 months ago
• wolfcod / beacondbg

  View on GitHub
  Beacon Debugger
  ☆55Oct 28, 2024Updated last year
• ricardojoserf / w11_shadow_copies

  View on GitHub
  Manage Shadows Copies via the VSS API using C#, C++, Crystal or Python. Working on Windows 11
  ☆81Jan 26, 2026Updated 3 weeks ago
• boku7 / StringReaper

  View on GitHub
  Reaping treasures from strings in remote processes memory
  ☆285Feb 8, 2025Updated last year
• bitdefender / hypervinject-poc

  View on GitHub
  ☆58Jul 31, 2025Updated 6 months ago
• Maldev-Academy / GhostlyHollowingViaTamperedSyscalls2

  View on GitHub
  ☆70Dec 26, 2025Updated last month
• kfallahi / NTLMPasswordChanger

  View on GitHub
  PowerShell tool that shows how to read and write NTLM OWF values via samlib.dll.
  ☆72Oct 22, 2025Updated 3 months ago
• MEhrn00 / boflink

  View on GitHub
  Linker for Beacon Object Files
  ☆149Feb 8, 2026Updated last week
• CodeXTF2 / CustomC2ChannelTemplate

  View on GitHub
  template for developing custom C2 channels for Cobalt Strike using IAT hooks applied by a reflective loader.
  ☆101Jan 10, 2026Updated last month
• atomiczsec / Adrenaline

  View on GitHub
  Collection of BOFs created for red team/adversary engagements. Created to be small and interchangeable, for quick recon or eventing.
  ☆233Feb 9, 2026Updated last week
• zimnyaa / noWatch

  View on GitHub
  Implant drop-in for EDR testing
  ☆147Nov 15, 2023Updated 2 years ago
• AlmondOffSec / LibTPLoadLib

  View on GitHub
  Using call gadgets to break the call stack signature used by Elastic on proxying a module load. Provided as a Crystal Palace shared libra…
  ☆73Nov 6, 2025Updated 3 months ago
• deepinstinct / DCOMUploadExec

  View on GitHub
  DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely
  ☆381Dec 13, 2024Updated last year
• ryanq47 / CS-EXTC2-ICMP

  View on GitHub
  An ICMP channel for Beacons, implemented using Cobalt Strike’s External C2 framework.
  ☆114Oct 6, 2025Updated 4 months ago
• lsecqt / SessionView

  View on GitHub
  A portable C# utility for enumerating local and remote windows sessions
  ☆54Jan 1, 2026Updated last month
• N7WEra / BofAllTheThings

  View on GitHub
  Creating a repository with all public Beacon Object Files (BoFs)
  ☆572Aug 30, 2023Updated 2 years ago
• pard0p / Self-Cleaning-PICO-Loader

  View on GitHub
  Self-cleaning in-memory PICO loader for Crystal Palace. Automatically erases traces and operates entirely in memory for stealthy payload …
  ☆48Nov 2, 2025Updated 3 months ago
• kmahyyg / go-rawcopy

  View on GitHub
  RawCopy - Golang implementation
  ☆24Oct 27, 2022Updated 3 years ago
• zyn3rgy / smbtakeover

  View on GitHub
  BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions
  ☆345Nov 19, 2024Updated last year
• tijme / relocatable

  View on GitHub
  Boilerplate to develop raw and truly Position Independent Code (PIC).
  ☆116Jan 20, 2025Updated last year
• garrettfoster13 / mssqlkaren

  View on GitHub
  modified mssqlclient from impacket to extract policies from the SCCM database
  ☆42Nov 4, 2025Updated 3 months ago
• CodeXTF2 / Cobaltstrike_BOFLoader

  View on GitHub
  open source port/reimplementation of the Cobalt Strike BOF Loader as is
  ☆64Feb 3, 2026Updated last week
• kozmer / aad-bofs

  View on GitHub
  ☆137Nov 17, 2025Updated 2 months ago
• synacktiv / GroupPolicyBackdoor

  View on GitHub
  Group Policy Objects manipulation and exploitation framework
  ☆289Dec 7, 2025Updated 2 months ago
• zer0condition / NTMemory

  View on GitHub
  Usermode NT Explorer - Query kernel addresses, translate virtual to physical addresses, inspect the PFN database, and more.
  ☆68Jan 27, 2026Updated 2 weeks ago
• Hypnoze57 / rpc2efs

  View on GitHub
  Unauthenticated start EFS service on remote Windows host (make PetitPotam great again)
  ☆129Oct 23, 2025Updated 3 months ago
• Octoberfest7 / enumhandles_BOF

  View on GitHub
  ☆126Sep 1, 2024Updated last year
• Mojo8898 / aliasr

  View on GitHub
  Aliasr is a modern, feature-rich TUI launcher for penetration testing commands inspired by Arsenal, but with significantly improved funct…
  ☆92Jan 26, 2026Updated 3 weeks ago