OG-Sadpanda/SharpZippo external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

OG-Sadpanda/SharpZippo

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/OG-Sadpanda/SharpZippo)

Close

OG-Sadpanda / SharpZippoView on GitHubMore

• External links
• Readme badge

List/Read contents of Zip files (in memory and without extraction) using CobaltStrike's Execute-Assembly

☆61May 24, 2022Updated 3 years ago

Alternatives and similar repositories for SharpZippo

Users that are interested in SharpZippo are comparing it to the libraries listed below

• Octoberfest7 / JumpSession_BOF

  View on GitHub
  Beacon Object File allowing creation of Beacons in different sessions.
  ☆83May 23, 2022Updated 3 years ago
• KINGSABRI / ServerlessRedirector

  View on GitHub
  Serverless Redirector in various cloud vendor for red team
  ☆73Dec 8, 2022Updated 3 years ago
• Octoberfest7 / EventViewerUAC_BOF

  View on GitHub
  Beacon Object File implementation of Event Viewer deserialization UAC bypass
  ☆133May 6, 2022Updated 3 years ago
• crypt0p3g / bof-collection

  View on GitHub
  Collection of Beacon Object Files (BOF) for Cobalt Strike
  ☆186Dec 5, 2022Updated 3 years ago
• MaorSabag / fileSearcher

  View on GitHub
  A simple BOF (Beacon Object File) to search files in the system
  ☆15Dec 2, 2023Updated 2 years ago
• Hagrid29 / DuplicateDump

  View on GitHub
  Dumping LSASS with a duplicated handle from custom LSA plugin
  ☆204Feb 23, 2022Updated 4 years ago
• Cracked5pider / CoffeeLdr

  View on GitHub
  Beacon Object File Loader
  ☆293Dec 3, 2023Updated 2 years ago
• Mr-Un1k0d3r / Elevate-System-Trusted-BOF

  View on GitHub
  ☆162Mar 27, 2023Updated 2 years ago
• Henkru / cs-token-vault

  View on GitHub
  In-memory token vault BOF for Cobalt Strike
  ☆149Aug 18, 2022Updated 3 years ago
• WKL-Sec / WMIExec

  View on GitHub
  Set of python scripts which perform different ways of command execution via WMI protocol.
  ☆165Jun 29, 2023Updated 2 years ago
• netero1010 / Quser-BOF

  View on GitHub
  Cobalt Strike BOF for quser.exe implementation using Windows API
  ☆87Mar 22, 2023Updated 2 years ago
• werdhaihai / AtlasReaper

  View on GitHub
  A command-line tool for reconnaissance and targeted write operations on Confluence and Jira instances.
  ☆271Sep 14, 2023Updated 2 years ago
• Octoberfest7 / KDStab

  View on GitHub
  BOF combination of KillDefender and Backstab
  ☆167Mar 23, 2023Updated 2 years ago
• guervild / BOFs

  View on GitHub
  Cobalt Strike Beacon Object Files
  ☆167May 2, 2022Updated 3 years ago
• S4ntiagoP / freeBokuLoader

  View on GitHub
  A simple BOF that frees UDRLs
  ☆122May 29, 2022Updated 3 years ago
• Octoberfest7 / Cohab_Processes

  View on GitHub
  A small Aggressor script to help Red Teams identify foreign processes on a host machine
  ☆84Jan 6, 2023Updated 3 years ago
• trainr3kt / NoteThief

  View on GitHub
  Grab unsaved Notepad contents with a Beacon Object File
  ☆55Jun 19, 2022Updated 3 years ago
• ScriptIdiot / sleepmask_ekko_cfg

  View on GitHub
  Code snippets to add on top of cobalt strike sleepmask kit so that ekko can work in a CFG protected process
  ☆49Mar 15, 2023Updated 2 years ago
• Mr-Un1k0d3r / Cookie-and-Handle-Stealer

  View on GitHub
  C or BOF file to extract WebKit master key to decrypt user cookie
  ☆207Apr 29, 2024Updated last year
• fin3ss3g0d / IoDllProxyLoad

  View on GitHub
  DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly
  ☆63Mar 19, 2024Updated last year
• securifybv / BOFRyptor

  View on GitHub
  ☆123Oct 9, 2023Updated 2 years ago
• jfmaes / DeepSleep

  View on GitHub
  all credits go to @mgeeky
  ☆65Oct 14, 2021Updated 4 years ago
• zimnyaa / nim-noload-dll-hollowing

  View on GitHub
  Unused DLL hollowing PoC in Nim
  ☆17Jan 31, 2022Updated 4 years ago
• CodeXTF2 / ScreenshotBOF

  View on GitHub
  An alternative screenshot capability for Cobalt Strike that uses WinAPI and does not perform a fork & run. Screenshot downloaded in memor…
  ☆490Dec 7, 2025Updated 2 months ago
• OG-Sadpanda / SharpSword

  View on GitHub
  Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly
  ☆117Sep 30, 2024Updated last year
• optiv / Registry-Recon

  View on GitHub
  Cobalt Strike Aggressor Script that Performs System/AV/EDR Recon
  ☆342Jun 6, 2022Updated 3 years ago
• netero1010 / TrustedPath-UACBypass-BOF

  View on GitHub
  Cobalt Strike beacon object file implementation for trusted path UAC bypass. The target executable will be called without involving "cmd.…
  ☆146Aug 16, 2021Updated 4 years ago
• EspressoCake / BeaconDownloadSync

  View on GitHub
  ☆94May 14, 2022Updated 3 years ago
• NVISOsecurity / CobaltWhispers

  View on GitHub
  CobaltWhispers is an aggressor script that utilizes a collection of Beacon Object Files (BOF) for Cobalt Strike to perform process inject…
  ☆243Jan 4, 2023Updated 3 years ago
• Octoberfest7 / CS_Uploads_Tracker

  View on GitHub
  Aggressor script add-in for CobaltStrike to track file uploads
  ☆48Nov 7, 2022Updated 3 years ago
• mlcsec / ASRenum-BOF

  View on GitHub
  Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules, actions, and exclusion locations
  ☆160Mar 1, 2024Updated 2 years ago
• Tw1sm / SQL-BOF

  View on GitHub
  Library of BOFs to interact with SQL servers
  ☆223Dec 3, 2025Updated 2 months ago
• susMdT / AceLdr

  View on GitHub
  Cobalt Strike UDRL for memory scanner evasion.
  ☆52Dec 4, 2023Updated 2 years ago
• wsummerhill / CSharp-Alt-Shellcode-Callbacks

  View on GitHub
  A collection of (even more) alternative shellcode callback methods in CSharp
  ☆81Oct 26, 2024Updated last year
• Kara-4search / Fiber_ShellcodeExecution

  View on GitHub
  Using fibers to execute shellcode in a local process via csharp
  ☆28Jan 2, 2022Updated 4 years ago
• jsecu / ElevatedEvents

  View on GitHub
  ☆30Nov 7, 2022Updated 3 years ago
• REDMED-X / OperatorsKit

  View on GitHub
  Collection of Beacon Object Files (BOF) for Cobalt Strike
  ☆675Aug 15, 2025Updated 6 months ago
• mertdas / PrivKit

  View on GitHub
  PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.
  ☆568Jan 20, 2026Updated last month
• susMdT / effective-waffle

  View on GitHub
  yet another sleep encryption thing. also used the default github repo name for this one.
  ☆69May 11, 2023Updated 2 years ago