MayerDaniel/the-one-wsl-bof external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

MayerDaniel/the-one-wsl-bof

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/MayerDaniel/the-one-wsl-bof)

Close

MayerDaniel / the-one-wsl-bofView on GitHubMore

• External links
• Readme badge

One WSL BOF to rule them all

☆174Jan 14, 2026Updated 3 months ago

Alternatives and similar repositories for the-one-wsl-bof

Users that are interested in the-one-wsl-bof are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• mandiant / cleanldap

  View on GitHub
  ☆186Oct 21, 2025Updated 5 months ago
• pard0p / Self-Cleaning-PICO-Loader

  View on GitHub
  Self-cleaning in-memory PICO loader for Crystal Palace. Automatically erases traces and operates entirely in memory for stealthy payload …
  ☆52Nov 2, 2025Updated 5 months ago
• Flangvik / RegPwnBOF

  View on GitHub
  Bof of RegPwn by MDSec
  ☆117Mar 15, 2026Updated last month
• Muz1K1zuM / UnderlayCopy_bof

  View on GitHub
  BOF for Havoc that copies locked Windows files (SAM, SYSTEM, NTDS.dit) via raw MFT parsing — no VSS, no Registry APIs, no PowerShell
  ☆118Apr 6, 2026Updated last week
• monsieurPale / BreakFAST

  View on GitHub
  Proof of concept for Kerberos Armoring abuse.
  ☆82Dec 12, 2025Updated 4 months ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• crtvrffnrt / apimspray

  View on GitHub
  Azure apim mini proxy
  ☆56Feb 16, 2026Updated 2 months ago
• ColeHouston / theHandler-BOF

  View on GitHub
  Dump protected process memory by using BYOVD to tamper with handle objects in the kernel.
  ☆40Aug 5, 2025Updated 8 months ago
• maxDcb / DreamWalkers

  View on GitHub
  Reflective shellcode loaderwith advanced call stack spoofing and .NET support.
  ☆231Sep 19, 2025Updated 6 months ago
• draktuls / IAF-EAF-Shellcode-bypass-PoC

  View on GitHub
  Shellcode capable of bypassing EAF / IAF mitigations
  ☆28Apr 11, 2023Updated 3 years ago
• ricardojoserf / w11_shadow_copies

  View on GitHub
  Manage Shadows Copies via the VSS API using C#, C++, Crystal or Python. Working on Windows 11
  ☆86Jan 26, 2026Updated 2 months ago
• tothi / malicious-service

  View on GitHub
  Minimal Windows Service Template for demonstrating privilege escalation via weak service executable permissions
  ☆14Nov 13, 2022Updated 3 years ago
• SafeBreach-Labs / EventLogin-CVE-2025-29969

  View on GitHub
  Exploitation of CVE-2025-29969
  ☆63Feb 20, 2026Updated last month
• HulkOperator / Spoof-RetAddr

  View on GitHub
  ☆37Nov 8, 2024Updated last year
• Tw1sm / list-wam-accounts

  View on GitHub
  List web account manager (WAM) accounts added to the current profile
  ☆26Dec 11, 2025Updated 4 months ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• 0xTriboulet / InlineExecuteEx

  View on GitHub
  A BOF that's a BOF Loader and more
  ☆202Apr 6, 2026Updated last week
• wolfcod / beacondbg

  View on GitHub
  Beacon Debugger
  ☆55Oct 28, 2024Updated last year
• zimnyaa / noWatch

  View on GitHub
  Implant drop-in for EDR testing
  ☆147Nov 15, 2023Updated 2 years ago
• kmahyyg / go-rawcopy

  View on GitHub
  RawCopy - Golang implementation
  ☆24Oct 27, 2022Updated 3 years ago
• Maldev-Academy / GhostlyHollowingViaTamperedSyscalls2

  View on GitHub
  Implementing Ghostly-Hollowing using tampered syscalls for remote PE injection
  ☆74Dec 26, 2025Updated 3 months ago
• NtDallas / BOF_Spawn

  View on GitHub
  Cobalt Strike BOF for beacon/shellcode injection using fork & run technique with Draugr synthetic stack frames
  ☆155Nov 23, 2025Updated 4 months ago
• dazzyddos / lsawhisper-bof

  View on GitHub
  A Beacon Object File (BOF) that talks directly to Windows authentication packages through the LSA untrusted/trusted client interface, wit…
  ☆292Feb 21, 2026Updated last month
• winterknife / SILVERPICK

  View on GitHub
  Windows User-Mode Shellcode Development Framework (WUMSDF)
  ☆130Nov 17, 2025Updated 5 months ago
• rasta-mouse / process-inject-kit

  View on GitHub
  Port of Cobalt Strike's Process Inject Kit
  ☆193Dec 1, 2024Updated last year
• Managed Kubernetes at scale on DigitalOcean • Ad
  DigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
• Cobalt-Strike / icmp-udc2

  View on GitHub
  UDC2 implementation that provides an ICMP C2 channel
  ☆120Nov 24, 2025Updated 4 months ago
• leftp / RegPersist

  View on GitHub
  a BOF implementation of various registry persistence methods
  ☆97Nov 11, 2025Updated 5 months ago
• lsecqt / SessionView

  View on GitHub
  A portable C# utility for enumerating local and remote windows sessions
  ☆57Jan 1, 2026Updated 3 months ago
• N7WEra / BofAllTheThings

  View on GitHub
  Creating a repository with all public Beacon Object Files (BoFs)
  ☆627Mar 2, 2026Updated last month
• casp3r0x0 / CallWindowProcW-ShellcodeLoader

  View on GitHub
  ☆19Sep 1, 2025Updated 7 months ago
• Cobalt-Strike / sleepmask-vs

  View on GitHub
  A simple Sleepmask BOF example
  ☆172Nov 24, 2025Updated 4 months ago
• Hypnoze57 / rpc2efs

  View on GitHub
  Unauthenticated start EFS service on remote Windows host (make PetitPotam great again)
  ☆136Oct 23, 2025Updated 5 months ago
• atomiczsec / Adrenaline

  View on GitHub
  C2-agnostic BOF collection, categorized by attack chain phase. Designed to be small and modular, allowing for quick execution and automat…
  ☆287Apr 8, 2026Updated last week
• garrettfoster13 / mssqlkaren

  View on GitHub
  modified mssqlclient from impacket to extract policies from the SCCM database
  ☆47Feb 24, 2026Updated last month
• GPU virtual machines on DigitalOcean Gradient AI • Ad
  Get to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
• nicocha30 / ligolo-iwa

  View on GitHub
  A Ligolo-ng JavaScript agent working inside Chrome & Chromium-based browsers by leveraging Isolated Web Applications.
  ☆121Mar 30, 2026Updated 2 weeks ago
• kozmer / aad-bofs

  View on GitHub
  ☆138Nov 17, 2025Updated 5 months ago
• RayRRT / ESC1-unPAC

  View on GitHub
  A Beacon Object File (BOF) that performs the complete ESC1 attack chain in a single execution: certificate request with arbitrary SAN (+S…
  ☆117Dec 21, 2025Updated 3 months ago
• PhantomSecurityGroup / Crystal-Kit

  View on GitHub
  Evasion kit for Cobalt Strike
  ☆30Jan 16, 2026Updated 3 months ago
• tijme / relocatable

  View on GitHub
  Boilerplate to develop raw and truly Position Independent Code (PIC).
  ☆117Jan 20, 2025Updated last year
• kypvas / LDIFToBloodHound

  View on GitHub
  A Windows tool that converts LDIF files to BloodHound CE
  ☆31Dec 20, 2025Updated 3 months ago
• Nomad0x7 / sekken-enum

  View on GitHub
  adws enumeration bof
  ☆170Feb 16, 2026Updated 2 months ago