NVISOsecurity/cs2br-bof external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

NVISOsecurity/cs2br-bof

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/NVISOsecurity/cs2br-bof)

Close

NVISOsecurity / cs2br-bofView on GitHubMore

• External links
• Readme badge

Run Cobalt Strike BOFs in Brute Ratel C4!

☆86Apr 15, 2025Updated 10 months ago

Alternatives and similar repositories for cs2br-bof

Users that are interested in cs2br-bof are comparing it to the libraries listed below

• passthehashbrowns / BOFMask

  View on GitHub
  ☆126Jun 28, 2023Updated 2 years ago
• ewby / Mockingjay_BOF

  View on GitHub
  Cobalt Strike + Brute Ratel C4 Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique
  ☆158Nov 7, 2023Updated 2 years ago
• nick-frischkorn / SuspendEventLogBOF

  View on GitHub
  Beacon Object File to locate and suspend the threads hosting the Event Log service
  ☆29Jun 17, 2022Updated 3 years ago
• Mr-Un1k0d3r / Elevate-System-Trusted-BOF

  View on GitHub
  ☆162Mar 27, 2023Updated 2 years ago
• trustedsec / CS_COFFLoader

  View on GitHub
  ☆130Dec 4, 2023Updated 2 years ago
• securifybv / BOFRyptor

  View on GitHub
  ☆123Oct 9, 2023Updated 2 years ago
• EspressoCake / Defender-Exclusions-Creator-BOF

  View on GitHub
  ☆83Nov 1, 2023Updated 2 years ago
• xforcered / BOFMask

  View on GitHub
  ☆129Jun 28, 2023Updated 2 years ago
• rkbennett / pyThreadlessInject

  View on GitHub
  A python port of CCob's ThreadlessInject
  ☆25Mar 18, 2023Updated 2 years ago
• wavvs / nanorobeus

  View on GitHub
  COFF file (BOF) for managing Kerberos tickets.
  ☆320Jul 2, 2023Updated 2 years ago
• antroguy / LocklessBof

  View on GitHub
  Lockless BOF
  ☆79May 2, 2025Updated 9 months ago
• fin3ss3g0d / NativeThreadpool

  View on GitHub
  Work, timer, and wait callback example using solely Native Windows APIs.
  ☆88Feb 11, 2024Updated 2 years ago
• VoldeSec / PatchlessCLRLoader

  View on GitHub
  .NET assembly loader with patchless AMSI and ETW bypass
  ☆368Apr 19, 2023Updated 2 years ago
• paranoidninja / BRC4-BOF-Artillery

  View on GitHub
  ☆146Nov 6, 2025Updated 3 months ago
• NioZow / bof-collection

  View on GitHub
  ☆21Feb 22, 2025Updated last year
• Octoberfest7 / DropSpawn_BOF

  View on GitHub
  CobaltStrike BOF to spawn Beacons using DLL Application Directory Hijacking
  ☆285Jun 8, 2023Updated 2 years ago
• WKL-Sec / Winsocky

  View on GitHub
  Winsocket for Cobalt Strike.
  ☆102Jul 6, 2023Updated 2 years ago
• EspressoCake / ADIDNS_Parser

  View on GitHub
  Parser and reconciliation tooling for large Active Directory environments.
  ☆33Feb 18, 2025Updated last year
• REDMED-X / InjectKit

  View on GitHub
  Modified versions of the Cobalt Strike Process Injection Kit
  ☆106Jan 24, 2024Updated 2 years ago
• ScriptIdiot / sleepmask_ekko_cfg

  View on GitHub
  Code snippets to add on top of cobalt strike sleepmask kit so that ekko can work in a CFG protected process
  ☆49Mar 15, 2023Updated 2 years ago
• mandiant / msi-search

  View on GitHub
  ☆292Jul 20, 2023Updated 2 years ago
• Mr-Un1k0d3r / Cookie-and-Handle-Stealer

  View on GitHub
  C or BOF file to extract WebKit master key to decrypt user cookie
  ☆207Apr 29, 2024Updated last year
• yamakadi / ldr

  View on GitHub
  A work in progress BOF/COFF loader in Rust
  ☆50Mar 22, 2023Updated 2 years ago
• fortra / No-Consolation

  View on GitHub
  A BOF that runs unmanaged PEs inline
  ☆681Oct 23, 2024Updated last year
• Octoberfest7 / CVE-2023-36874_BOF

  View on GitHub
  Weaponized CobaltStrike BOF for CVE-2023-36874 Windows Error Reporting LPE
  ☆205Aug 25, 2023Updated 2 years ago
• x42en / sysplant

  View on GitHub
  Your syscall factory
  ☆126Jan 13, 2026Updated last month
• Ap3x / COFF-Loader

  View on GitHub
  A reimplementation of Cobalt Strike's Beacon Object File (BOF) Loader
  ☆65Dec 16, 2023Updated 2 years ago
• boku7 / xPipe

  View on GitHub
  Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions
  ☆94Mar 8, 2023Updated 2 years ago
• zyn3rgy / smbtakeover

  View on GitHub
  BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions
  ☆346Nov 19, 2024Updated last year
• lap1nou / CLR_Heap_encryption

  View on GitHub
  ☆101Oct 7, 2023Updated 2 years ago
• c3r3br4t3 / ShadowRDP

  View on GitHub
  ☆75Feb 4, 2024Updated 2 years ago
• Hagrid29 / BOF-RemoteRegSave

  View on GitHub
  Cobalt Strike Beacon Object File (BOF) that uses RegConnectRegistryA + RegOpenKeyExA API to dump registry hives on remote computer
  ☆17Mar 4, 2023Updated 2 years ago
• zimnyaa / stoplooking

  View on GitHub
  A simple BOF that disables some logging with NtSetInformationProcess
  ☆13Oct 13, 2023Updated 2 years ago
• Cracked5pider / kaine-assembly

  View on GitHub
  a demo module for the kaine agent to execute and inject assembly modules
  ☆41Aug 28, 2024Updated last year
• CodeXTF2 / WebcamBOF

  View on GitHub
  Webcam capture capability for Cobalt Strike as a BOF, with in-memory download options
  ☆158Mar 26, 2025Updated 11 months ago
• S4ntiagoP / freeBokuLoader

  View on GitHub
  A simple BOF that frees UDRLs
  ☆122May 29, 2022Updated 3 years ago
• tijme / cmstplua-uac-bypass

  View on GitHub
  Cobalt Strike Beacon Object File for bypassing UAC via the CMSTPLUA COM interface.
  ☆215Oct 9, 2022Updated 3 years ago
• zimnyaa / xyrella

  View on GitHub
  PoC XLL builder in Python/Nim
  ☆49Nov 21, 2022Updated 3 years ago
• ZephrFish / QoL-BOFs

  View on GitHub
  Curated list of public Beacon Object Files(BOFs) build in as submodules for easy cloning
  ☆137Dec 7, 2025Updated 2 months ago