OtterHacker/CoffLoader external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

OtterHacker/CoffLoader

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/OtterHacker/CoffLoader)

Close

OtterHacker / CoffLoaderView on GitHubMore

• External links
• Readme badge

☆62Jan 9, 2023Updated 3 years ago

Alternatives and similar repositories for CoffLoader

Users that are interested in CoffLoader are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• Henkru / cs-token-vault

  View on GitHub
  In-memory token vault BOF for Cobalt Strike
  ☆150Aug 18, 2022Updated 3 years ago
• rasta-mouse / PPEnum

  View on GitHub
  Simple BOF to read the protection level of a process
  ☆122May 10, 2023Updated 3 years ago
• Allevon412 / BreadManModuleStomping

  View on GitHub
  ☆45Oct 16, 2023Updated 2 years ago
• Cracked5pider / CoffeeLdr

  View on GitHub
  Beacon Object File Loader
  ☆294Dec 3, 2023Updated 2 years ago
• timwhitez / Bof2PIC

  View on GitHub
  BOF/COFF obj file to PIC(shellcode). by golang
  ☆39Sep 28, 2022Updated 3 years ago
• Serverless GPU API endpoints on Runpod - Get Bonus Credits • Ad
  Skip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
• naksyn / ProcessStomping

  View on GitHub
  A variation of ProcessOverwriting to execute shellcode on an executable's section
  ☆147Dec 16, 2023Updated 2 years ago
• Octoberfest7 / EventViewerUAC_BOF

  View on GitHub
  Beacon Object File implementation of Event Viewer deserialization UAC bypass
  ☆133May 6, 2022Updated 4 years ago
• paranoidninja / DotNetTracer

  View on GitHub
  C code to enable ETW tracing for Dotnet Assemblies
  ☆32Aug 12, 2022Updated 3 years ago
• rad9800 / misc

  View on GitHub
  miscellaneous scripts and programs
  ☆285May 13, 2026Updated last week
• thefLink / Hunt-Weird-ImageLoads

  View on GitHub
  Small tool to play with IOCs caused by Imageload events
  ☆44May 14, 2023Updated 3 years ago
• zimnyaa / stoplooking

  View on GitHub
  A simple BOF that disables some logging with NtSetInformationProcess
  ☆14Oct 13, 2023Updated 2 years ago
• Cobalt-Strike / callback_examples

  View on GitHub
  This contains a number of examples demonstrating how to use callback functions in supported aggressor script functions
  ☆39Mar 17, 2025Updated last year
• Ap3x / COFF-Loader

  View on GitHub
  A reimplementation of Cobalt Strike's Beacon Object File (BOF) Loader
  ☆71Mar 6, 2026Updated 2 months ago
• EspressoCake / BOF_NativeAPI_Definitions-VSCode

  View on GitHub
  A VSCode plugin to assist with BOF development.
  ☆37Aug 14, 2024Updated last year
• Wordpress hosting with auto-scaling - Free Trial Offer • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• trustedsec / CS_COFFLoader

  View on GitHub
  ☆138Dec 4, 2023Updated 2 years ago
• Yaxser / COFFLoader2

  View on GitHub
  Load and execute COFF files and Cobalt Strike BOFs in-memory
  ☆226Sep 13, 2022Updated 3 years ago
• Idov31 / Jormungandr

  View on GitHub
  Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.
  ☆245Sep 26, 2023Updated 2 years ago
• ScriptIdiot / sleepmask_ekko_cfg

  View on GitHub
  Code snippets to add on top of cobalt strike sleepmask kit so that ekko can work in a CFG protected process
  ☆49Mar 15, 2023Updated 3 years ago
• zimnyaa / smbsocks

  View on GitHub
  A simple rpc2socks alternative in pure Go.
  ☆31Jul 8, 2024Updated last year
• EspressoCake / Defender_Exclusions-BOF

  View on GitHub
  A BOF to determine Windows Defender exclusions.
  ☆256Jun 25, 2023Updated 2 years ago
• xforcered / BOFMask

  View on GitHub
  ☆128Jun 28, 2023Updated 2 years ago
• 7h3w4lk3r / Kill-Floor

  View on GitHub
  AV/EDR killer using BYOVD technique
  ☆45Sep 27, 2024Updated last year
• passthehashbrowns / BOFMask

  View on GitHub
  ☆131Jun 28, 2023Updated 2 years ago
• Wordpress hosting with auto-scaling - Free Trial Offer • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• mlcsec / ASRenum-BOF

  View on GitHub
  Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules, actions, and exclusion locations
  ☆163Mar 1, 2024Updated 2 years ago
• audibleblink / xordump

  View on GitHub
  ☆18Aug 15, 2021Updated 4 years ago
• lap1nou / CLR_Heap_encryption

  View on GitHub
  ☆103Oct 7, 2023Updated 2 years ago
• EspressoCake / DLL-Exports-Extraction-BOF

  View on GitHub
  DLL Exports Extraction BOF with optional NTFS transactions.
  ☆90Nov 5, 2021Updated 4 years ago
• ewby / Mockingjay_BOF

  View on GitHub
  Cobalt Strike + Brute Ratel C4 Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique
  ☆159Nov 7, 2023Updated 2 years ago
• Octoberfest7 / DropSpawn_BOF

  View on GitHub
  CobaltStrike BOF to spawn Beacons using DLL Application Directory Hijacking
  ☆288Jun 8, 2023Updated 2 years ago
• chryzsh / linux_bof

  View on GitHub
  ELF Beacon Object File (BOF) Template
  ☆19Nov 18, 2024Updated last year
• dmcxblue / NtCreateUserProcessBOF

  View on GitHub
  An Aggressor Script that utilizes NtCreateUserProcess to run binaries
  ☆31Jan 30, 2025Updated last year
• EspressoCake / DLL_Version_Enumeration_BOF

  View on GitHub
  A BOF for enumerating version information for DLLs associated for a Beacon process.
  ☆16Nov 23, 2021Updated 4 years ago
• Virtual machines for every use case on DigitalOcean • Ad
  Get dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
• Cobalt-Strike / CallStackMasker

  View on GitHub
  A PoC implementation for dynamically masking call stacks with timers.
  ☆311Feb 13, 2023Updated 3 years ago
• 0x00Jeff / BetterGetProcAddress

  View on GitHub
  POC of a better implementation of GetProcAddress for ntdll using binary search
  ☆112Apr 8, 2024Updated 2 years ago
• Allevon412 / SyscallTempering

  View on GitHub
  ☆31Jul 26, 2024Updated last year
• CognisysGroup / HadesLdr

  View on GitHub
  Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2
  ☆295Jul 15, 2023Updated 2 years ago
• Hagrid29 / DuplicateDump

  View on GitHub
  Dumping LSASS with a duplicated handle from custom LSA plugin
  ☆206Feb 23, 2022Updated 4 years ago
• naksyn / DojoLoader

  View on GitHub
  Generic PE loader for fast prototyping evasion techniques
  ☆247Jul 2, 2024Updated last year
• enkomio / BrokenFlow

  View on GitHub
  A simple PoC to invoke an encrypted shellcode by using an hidden call
  ☆115Nov 19, 2022Updated 3 years ago