BOF for Havoc that copies locked Windows files (SAM, SYSTEM, NTDS.dit) via raw MFT parsing — no VSS, no Registry APIs, no PowerShell
☆74Apr 6, 2026Updated this week
Alternatives and similar repositories for UnderlayCopy_bof
Users that are interested in UnderlayCopy_bof are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- A Cobalt Strike RL built with Crystal Palace — module overloading, NtContinue entry transfer, call stack spoofing, sleep masking, and sta…☆184Mar 15, 2026Updated 3 weeks ago
- dcsync bof☆46Feb 13, 2026Updated last month
- Repository focused on advanced Red Team tools and techniques, mainly created with C. It contains projects I have created to understand ma…☆21Mar 23, 2026Updated 2 weeks ago
- A Beacon Object File (BOF) that performs the complete ESC1 attack chain in a single execution: certificate request with arbitrary SAN (+S…☆117Dec 21, 2025Updated 3 months ago
- BOF to terminate a process via PID as argument☆28Sep 7, 2025Updated 7 months ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
- A portable C# utility for enumerating local and remote windows sessions☆57Jan 1, 2026Updated 3 months ago
- ☆183Oct 21, 2025Updated 5 months ago
- A PoC UDRL for Cobalt Strike built with Crystal Palace that combines Raphael Mudge's page streaming technique with a modular call gate (D…☆113Jan 21, 2026Updated 2 months ago
- A Beacon Object File (BOF) for Havoc/CS to Bypass PPL and Dump Lsass☆168Sep 22, 2025Updated 6 months ago
- ☆59Updated this week
- A firebeam plugin that exploits the CVE-2024-26229 vulnerability to perform elevation of privilege from a unprivileged user☆41Aug 15, 2024Updated last year
- ☆46Jun 21, 2023Updated 2 years ago
- One WSL BOF to rule them all☆170Jan 14, 2026Updated 2 months ago
- Active Directory information dumper via ADWS for evasion purposes.☆213Feb 23, 2026Updated last month
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- Havoc C2 BOF port of the KslD.sys BYOVD technique. Credential extraction from lsass via physical memory — no OpenProcess, no auditable AP…☆62Apr 1, 2026Updated last week
- Manage Shadows Copies via the VSS API using C#, C++, Crystal or Python. Working on Windows 11☆86Jan 26, 2026Updated 2 months ago
- A Ligolo-ng JavaScript agent working inside Chrome & Chromium-based browsers by leveraging Isolated Web Applications.☆95Mar 30, 2026Updated last week
- Static Encrypt is an crate that encrypts string literals at compile time and only decrypted at runtime when needed.☆58Jan 17, 2026Updated 2 months ago
- Filesystem interaction via firebeam virtual machine execution☆49Mar 26, 2026Updated last week
- Beacon Object File (BOF) for Using the BadSuccessor Technique for Account Takeover☆86Oct 20, 2025Updated 5 months ago
- Modified version of PEAS client for offensive operations☆50Nov 1, 2025Updated 5 months ago
- can convert EXE/DLL into position-independent shellcode☆41Feb 1, 2026Updated 2 months ago
- Rust 重构的 sRDI☆18Sep 9, 2024Updated last year
- Proton VPN Special Offer - Get 70% off • AdSpecial partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
- Implementing Ghostly-Hollowing using tampered syscalls for remote PE injection☆72Dec 26, 2025Updated 3 months ago
- Python3 tool to perform password spraying using RDP☆17Aug 14, 2023Updated 2 years ago
- Proof of concept for Kerberos Armoring abuse.☆82Dec 12, 2025Updated 3 months ago
- A Python POC for CRED1 over SOCKS5☆165Oct 5, 2024Updated last year
- PICO-Implant is a Proof of Concept C2 implant built using Position-independent Code Objects (PICO) for modular functionality. This projec…☆48Nov 9, 2025Updated 4 months ago
- Shellcode and In-PowerShell solution for patching AMSI via Page Guard Exceptions☆64Nov 15, 2025Updated 4 months ago
- PowerShell Implementation of ADFSDump to assist with GoldenSAML☆43Dec 7, 2025Updated 4 months ago
- Windows Defender Manager is a tool that helps stop Windows Defender. It works with the Antimalware Service Executable of all versions of …☆43Jan 18, 2025Updated last year
- A Cobalt Strike beacon implemented in Nim.☆26Jul 16, 2025Updated 8 months ago
- Wordpress hosting with auto-scaling on Cloudways • AdFully Managed hosting built for WordPress-powered businesses that need reliable, auto-scalable hosting. Cloudways SafeUpdates now available.
- Library for reading and writing dex files☆31Mar 28, 2026Updated last week
- Native C++ access to Active Directory over ADWS, no .NET, no WCF, no HTTP stack.☆61Mar 27, 2026Updated last week
- C2 for studying☆26Aug 10, 2025Updated 7 months ago
- Detonate malware on VMs and get logs & detection status☆89Mar 17, 2026Updated 3 weeks ago
- a BOF implementation of various registry persistence methods☆96Nov 11, 2025Updated 4 months ago
- A multi-platform CI/CD vulnerability detection and attack automation tool for identifying security weaknesses in pipeline configurations.☆128Updated this week
- Executing Shellcode with ReadDirectoryChanges’s Hidden Callback☆30Oct 13, 2025Updated 5 months ago