Beacon Object Files (BOFs) for Cobalt Strike and Havoc C2. Implementations of Active Directory attacks and post-exploitation techniques.
☆103Jan 26, 2026Updated last month
Alternatives and similar repositories for BOFs
Users that are interested in BOFs are comparing it to the libraries listed below
Sorting:
- NSecSoftBYOVD POC☆58Feb 12, 2026Updated last month
- Beacon Object File (BOF) for Windows Session Hijacking via IHxHelpPaneServer COM☆64Dec 25, 2025Updated 2 months ago
- Python and BOF utilites to the determine EPA enforcement levels of popular NTLM relay targets from the offensive perspective☆167Jan 12, 2026Updated 2 months ago
- A Beacon Object File (BOF) that performs the complete ESC1 attack chain in a single execution: certificate request with arbitrary SAN (+S…☆116Dec 21, 2025Updated 2 months ago
- Library of BOFs to interact with SQL servers☆16Dec 6, 2024Updated last year
- Lateral Movement Bof with MSI ODBC Driver Install☆147Sep 30, 2025Updated 5 months ago
- Using call gadgets to break the call stack signature used by Elastic on proxying a module load. Provided as a Crystal Palace shared libra…☆81Nov 6, 2025Updated 4 months ago
- Enable EFS service as low priv user (PE & BOF)☆21Jul 6, 2025Updated 8 months ago
- An example of how to use Microsoft Windows Warbird technology☆97Apr 23, 2023Updated 2 years ago
- AppLocker-Based EDR Neutralization☆325Dec 19, 2025Updated 3 months ago
- Evasion kit for Cobalt Strike☆30Jan 16, 2026Updated 2 months ago
- A Beacon Object File (BOF) implementation of the 'cat' command☆27Feb 11, 2023Updated 3 years ago
- Python script to leverage MSFT_MTProcess WMI class☆39Sep 17, 2025Updated 6 months ago
- Cobaltstrike Reflective Loader with Synthetic Stackframe☆189Jan 17, 2026Updated 2 months ago
- Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions☆95Mar 8, 2023Updated 3 years ago
- A Beacon Object File (BOF) for Havoc/CS to Bypass PPL and Dump Lsass☆168Sep 22, 2025Updated 5 months ago
- Moonwalk++: Simple POC Combining StackMoonwalking and Memory Encryption☆208Dec 17, 2025Updated 3 months ago
- Beacon Object Files (not Buffer Overflows)☆58Mar 6, 2023Updated 3 years ago
- Beacon Object Files (BOF) for Cobalt Strike.☆32Aug 23, 2024Updated last year
- FrostLock Injection is a freeze/thaw-based code injection technique that uses Windows Job Objects to temporarily freeze (suspend) a targe…☆43Apr 6, 2025Updated 11 months ago
- Linux Shared Library to Shellcode Loader☆88Feb 15, 2026Updated last month
- process hollowing variant using NtCreateSection + NtMapViewOfSection + ResumeThread☆31Jan 9, 2022Updated 4 years ago
- Lateral Movement via Bitlocker DCOM interfaces & COM Hijacking☆438Jun 27, 2025Updated 8 months ago
- A Beacon Object File (BOF) that talks directly to Windows authentication packages through the LSA untrusted/trusted client interface, wit…☆277Feb 21, 2026Updated 3 weeks ago
- EDR-Redir : a tool used to redirect the EDR's folder to another location.☆224Nov 6, 2025Updated 4 months ago
- ☆62Feb 12, 2026Updated last month
- Cobalt Strike Beacon Object File to to change the user's desktop wallpaper☆17Sep 15, 2023Updated 2 years ago
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials☆54May 12, 2025Updated 10 months ago
- Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of …☆11Mar 22, 2021Updated 4 years ago
- Sleep obfuscation☆270Dec 13, 2024Updated last year
- Misery Loader to bypass modern EDR solutions☆18Dec 20, 2024Updated last year
- BOF to run PE in Cobalt Strike Beacon without console creation☆187Nov 23, 2025Updated 3 months ago
- A POC for developing BOFs for Sliver, Havoc, Cobalt Strike or most COFFLoaders in Rust.☆75Aug 24, 2025Updated 6 months ago
- Grab unsaved Notepad contents with a Beacon Object File☆55Jun 19, 2022Updated 3 years ago
- Cobalt Strike BOF for evasive .NET assembly execution☆309Mar 31, 2025Updated 11 months ago
- Beacon Object File (BOF) for Using the BadSuccessor Technique for Account Takeover☆86Oct 20, 2025Updated 4 months ago
- Execute commands, in/exfiltrate files using your custom RPC Server☆66Jan 13, 2026Updated 2 months ago
- Call stack spoofing for Rust☆361Feb 7, 2025Updated last year
- A BOF that's a BOF Loader and more☆200Jan 17, 2026Updated 2 months ago