MayerDaniel/the-one-wsl-bof external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

MayerDaniel/the-one-wsl-bof

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/MayerDaniel/the-one-wsl-bof)

Close

MayerDaniel / the-one-wsl-bofView on GitHubMore

• External links
• Readme badge

One WSL BOF to rule them all

☆159Jan 14, 2026Updated last month

Alternatives and similar repositories for the-one-wsl-bof

Users that are interested in the-one-wsl-bof are comparing it to the libraries listed below

• mandiant / cleanldap

  View on GitHub
  ☆171Oct 21, 2025Updated 4 months ago
• 0xTriboulet / InlineExecuteEx

  View on GitHub
  A BOF that's a BOF Loader and more
  ☆199Jan 17, 2026Updated last month
• kmahyyg / go-rawcopy

  View on GitHub
  RawCopy - Golang implementation
  ☆24Oct 27, 2022Updated 3 years ago
• ricardojoserf / w11_shadow_copies

  View on GitHub
  Manage Shadows Copies via the VSS API using C#, C++, Crystal or Python. Working on Windows 11
  ☆84Jan 26, 2026Updated last month
• Tw1sm / list-wam-accounts

  View on GitHub
  List web account manager (WAM) accounts added to the current profile
  ☆22Dec 11, 2025Updated 2 months ago
• wolfcod / beacondbg

  View on GitHub
  Beacon Debugger
  ☆55Oct 28, 2024Updated last year
• monsieurPale / BreakFAST

  View on GitHub
  Proof of concept for Kerberos Armoring abuse.
  ☆81Dec 12, 2025Updated 2 months ago
• MaangoTaachyon / SelfDeletion-Updated

  View on GitHub
  Updated version of a long known self deletion technique to work with 24H2.
  ☆61Jun 9, 2025Updated 9 months ago
• draktuls / IAF-EAF-Shellcode-bypass-PoC

  View on GitHub
  Shellcode capable of bypassing EAF / IAF mitigations
  ☆28Apr 11, 2023Updated 2 years ago
• tothi / malicious-service

  View on GitHub
  Minimal Windows Service Template for demonstrating privilege escalation via weak service executable permissions
  ☆14Nov 13, 2022Updated 3 years ago
• maxDcb / DreamWalkers

  View on GitHub
  Reflective shellcode loaderwith advanced call stack spoofing and .NET support.
  ☆227Sep 19, 2025Updated 5 months ago
• boku7 / StringReaper

  View on GitHub
  Reaping treasures from strings in remote processes memory
  ☆284Feb 8, 2025Updated last year
• zimnyaa / noWatch

  View on GitHub
  Implant drop-in for EDR testing
  ☆147Nov 15, 2023Updated 2 years ago
• whokilleddb / hoontr

  View on GitHub
  A hoontr must hoont
  ☆106Nov 27, 2025Updated 3 months ago
• N7WEra / BofAllTheThings

  View on GitHub
  Creating a repository with all public Beacon Object Files (BoFs)
  ☆577Aug 30, 2023Updated 2 years ago
• xforcered / ForsHops

  View on GitHub
  ForsHops
  ☆152Mar 25, 2025Updated 11 months ago
• casp3r0x0 / CallWindowProcW-ShellcodeLoader

  View on GitHub
  ☆19Sep 1, 2025Updated 6 months ago
• ANYLNK / NSecSoftBYOVD

  View on GitHub
  NSecSoftBYOVD POC
  ☆58Feb 12, 2026Updated 3 weeks ago
• NtDallas / BOF_Spawn

  View on GitHub
  Cobalt Strike BOF for beacon/shellcode injection using fork & run technique with Draugr synthetic stack frames
  ☆152Nov 23, 2025Updated 3 months ago
• winterknife / SILVERPICK

  View on GitHub
  Windows User-Mode Shellcode Development Framework (WUMSDF)
  ☆126Nov 17, 2025Updated 3 months ago
• klezVirus / Moonwalk--

  View on GitHub
  Moonwalk++: Simple POC Combining StackMoonwalking and Memory Encryption
  ☆204Dec 17, 2025Updated 2 months ago
• Cobalt-Strike / icmp-udc2

  View on GitHub
  UDC2 implementation that provides an ICMP C2 channel
  ☆115Nov 24, 2025Updated 3 months ago
• Octoberfest7 / enumhandles_BOF

  View on GitHub
  ☆126Sep 1, 2024Updated last year
• Maldev-Academy / GhostlyHollowingViaTamperedSyscalls2

  View on GitHub
  Implementing Ghostly-Hollowing using tampered syscalls for remote PE injection
  ☆71Dec 26, 2025Updated 2 months ago
• bitdefender / hypervinject-poc

  View on GitHub
  ☆59Feb 19, 2026Updated 2 weeks ago
• kfallahi / NTLMPasswordChanger

  View on GitHub
  PowerShell tool that shows how to read and write NTLM OWF values via samlib.dll.
  ☆72Oct 22, 2025Updated 4 months ago
• RayRRT / ESC1-unPAC

  View on GitHub
  A Beacon Object File (BOF) that performs the complete ESC1 attack chain in a single execution: certificate request with arbitrary SAN (+S…
  ☆116Dec 21, 2025Updated 2 months ago
• MEhrn00 / boflink

  View on GitHub
  Linker for Beacon Object Files
  ☆159Feb 22, 2026Updated 2 weeks ago
• dazzyddos / lsawhisper-bof

  View on GitHub
  A Beacon Object File (BOF) that talks directly to Windows authentication packages through the LSA untrusted/trusted client interface, wit…
  ☆265Feb 21, 2026Updated 2 weeks ago
• CodeXTF2 / CustomC2ChannelTemplate

  View on GitHub
  template for developing custom C2 channels for Cobalt Strike using IAT hooks applied by a reflective loader.
  ☆101Jan 10, 2026Updated last month
• atomiczsec / Adrenaline

  View on GitHub
  Collection of BOFs created for red team/adversary engagements. Created to be small and interchangeable, for quick recon or eventing.
  ☆240Feb 20, 2026Updated 2 weeks ago
• Cobalt-Strike / sleepmask-vs

  View on GitHub
  A simple Sleepmask BOF example
  ☆169Nov 24, 2025Updated 3 months ago
• deepinstinct / DCOMUploadExec

  View on GitHub
  DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely
  ☆382Dec 13, 2024Updated last year
• ryanq47 / CS-EXTC2-ICMP

  View on GitHub
  An ICMP channel for Beacons, implemented using Cobalt Strike’s External C2 framework.
  ☆116Oct 6, 2025Updated 5 months ago
• pard0p / Self-Cleaning-PICO-Loader

  View on GitHub
  Self-cleaning in-memory PICO loader for Crystal Palace. Automatically erases traces and operates entirely in memory for stealthy payload …
  ☆49Nov 2, 2025Updated 4 months ago
• JanielDary / ImmoralFiber

  View on GitHub
  Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
  ☆283Sep 18, 2024Updated last year
• zyn3rgy / smbtakeover

  View on GitHub
  BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions
  ☆345Nov 19, 2024Updated last year
• lsecqt / SessionView

  View on GitHub
  A portable C# utility for enumerating local and remote windows sessions
  ☆56Jan 1, 2026Updated 2 months ago
• AlmondOffSec / LibTPLoadLib

  View on GitHub
  Using call gadgets to break the call stack signature used by Elastic on proxying a module load. Provided as a Crystal Palace shared libra…
  ☆80Nov 6, 2025Updated 4 months ago