Octoberfest7/enumhandles_BOF

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/Octoberfest7/enumhandles_BOF)

Octoberfest7 / enumhandles_BOF

☆126

Alternatives and similar repositories for enumhandles_BOF

Users that are interested in enumhandles_BOF are comparing it to the libraries listed below

Sorting:

deh00ni / NtDumpBOF
View on GitHub
☆100Sep 1, 2024Updated last year
Tw1sm / SQL-BOF
View on GitHub
Library of BOFs to interact with SQL servers
☆223Dec 3, 2025Updated 2 months ago
lap1nou / CLR_Heap_encryption
View on GitHub
☆101Oct 7, 2023Updated 2 years ago
0xEr3bus / RdpStrike
View on GitHub
Positional Independent Code to extract clear text password from mstsc.exe using API Hooking via HWBP.
☆250Jun 11, 2024Updated last year
passthehashbrowns / VectoredExceptionHandling
View on GitHub
☆108Aug 21, 2024Updated last year
mlcsec / EDRenum-BOF
View on GitHub
Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.
☆128Oct 4, 2024Updated last year
0xEr3bus / PoolPartyBof
View on GitHub
A beacon object file implementation of PoolParty Process Injection Technique.
☆434Dec 21, 2023Updated 2 years ago
Octoberfest7 / Secure_Stager
View on GitHub
An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution
☆195Nov 27, 2024Updated last year
REDMED-X / OperatorsKit
View on GitHub
Collection of Beacon Object Files (BOF) for Cobalt Strike
☆672Aug 15, 2025Updated 6 months ago
klezVirus / RAIWhateverTrigger
View on GitHub
Local SYSTEM auth trigger for relaying - X
☆155Jul 23, 2025Updated 7 months ago
RalfHacker / Kerbeus-BOF
View on GitHub
BOF for Kerberos abuse (an implementation of some important features of the Rubeus).
☆546Nov 23, 2025Updated 3 months ago
securifybv / BOFRyptor
View on GitHub
☆123Oct 9, 2023Updated 2 years ago
susMdT / LoudSunRun
View on GitHub
Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven
☆261Oct 16, 2024Updated last year
JanielDary / ImmoralFiber
View on GitHub
Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
☆281Sep 18, 2024Updated last year
fortra / No-Consolation
View on GitHub
A BOF that runs unmanaged PEs inline
☆680Oct 23, 2024Updated last year
Octoberfest7 / Enumprotections_BOF
View on GitHub
A BOF to enumerate system process, their protection levels, and more.
☆125Nov 27, 2024Updated last year
iilegacyyii / DataInject-BOF
View on GitHub
Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll
☆137Apr 18, 2025Updated 10 months ago
NtDallas / KrakenMask
View on GitHub
Sleep obfuscation
☆268Dec 13, 2024Updated last year
ameenalkerdy / ETWShellcodeLoader
View on GitHub
Shellcode Loader Utilizing ETW Events
☆67Feb 26, 2025Updated last year
xforcered / BOFMask
View on GitHub
☆129Jun 28, 2023Updated 2 years ago
T3nb3w / ComDotNetExploit
View on GitHub
A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and …
☆334Mar 6, 2025Updated 11 months ago
xrombar / flower
View on GitHub
a modified CONTEXT based ropchain to circumvent CFG-FindHiddenShellcode and EtwTi-FluctuationMonitor
☆110Mar 25, 2024Updated last year
senzee1984 / InflativeLoading
View on GitHub
Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.
☆325Apr 12, 2024Updated last year
fin3ss3g0d / NativeThreadpool
View on GitHub
Work, timer, and wait callback example using solely Native Windows APIs.
☆88Feb 11, 2024Updated 2 years ago
boku7 / StringReaper
View on GitHub
Reaping treasures from strings in remote processes memory
☆285Feb 8, 2025Updated last year
rasta-mouse / PPEnum
View on GitHub
Simple BOF to read the protection level of a process
☆118May 10, 2023Updated 2 years ago
WKL-Sec / LayeredSyscall
View on GitHub
Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …
☆298Jul 31, 2024Updated last year
Cracked5pider / earlycascade-injection
View on GitHub
early cascade injection PoC based on Outflanks blog post
☆237Nov 7, 2024Updated last year
decoder-it / KrbRelay-SMBServer
View on GitHub
☆235Oct 8, 2024Updated last year
zyn3rgy / smbtakeover
View on GitHub
BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions
☆346Nov 19, 2024Updated last year
kleiton0x00 / Proxy-DLL-Loads
View on GitHub
A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.
☆409Jan 11, 2026Updated last month
outflanknl / macho-loader
View on GitHub
Position-independent Reflective Loader for macOS
☆112Feb 19, 2026Updated last week
antroguy / LocklessBof
View on GitHub
Lockless BOF
☆79May 2, 2025Updated 9 months ago
iamagarre / BadExclusionsNWBO
View on GitHub
BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR
☆75Feb 9, 2024Updated 2 years ago
itm4n / PPLrevenant
View on GitHub
Bypass LSA protection using the BYODLL technique
☆171Sep 21, 2024Updated last year
ewby / Mockingjay_BOF
View on GitHub
Cobalt Strike + Brute Ratel C4 Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique
☆158Nov 7, 2023Updated 2 years ago
CICADA8-Research / IHxExec
View on GitHub
Process injection alternative
☆406Sep 6, 2024Updated last year
VoldeSec / PatchlessInlineExecute-Assembly
View on GitHub
Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.
☆275Apr 17, 2023Updated 2 years ago
REDMED-X / InjectKit
View on GitHub
Modified versions of the Cobalt Strike Process Injection Kit
☆106Jan 24, 2024Updated 2 years ago