RayRRT/BOFs

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/RayRRT/BOFs)

RayRRT / BOFs

Beacon Object Files (BOFs) for Cobalt Strike and Havoc C2. Implementations of Active Directory attacks and post-exploitation techniques.

☆101

Alternatives and similar repositories for BOFs

Users that are interested in BOFs are comparing it to the libraries listed below

Sorting:

ANYLNK / NSecSoftBYOVD
View on GitHub
NSecSoftBYOVD POC
☆56Feb 12, 2026Updated 2 weeks ago
zyn3rgy / RelayInformer
View on GitHub
Python and BOF utilites to the determine EPA enforcement levels of popular NTLM relay targets from the offensive perspective
☆166Jan 12, 2026Updated last month
buldansec / EnableEFS
View on GitHub
Enable EFS service as low priv user (PE & BOF)
☆21Jul 6, 2025Updated 7 months ago
RayRRT / ESC1-unPAC
View on GitHub
A Beacon Object File (BOF) that performs the complete ESC1 attack chain in a single execution: certificate request with arbitrary SAN (+S…
☆116Dec 21, 2025Updated 2 months ago
AlmondOffSec / LibTPLoadLib
View on GitHub
Using call gadgets to break the call stack signature used by Elastic on proxying a module load. Provided as a Crystal Palace shared libra…
☆75Nov 6, 2025Updated 3 months ago
jhalon / cSessionHop
View on GitHub
Beacon Object File (BOF) for Windows Session Hijacking via IHxHelpPaneServer COM
☆63Dec 25, 2025Updated 2 months ago
hackforyourentertainment / Misery
View on GitHub
Misery Loader to bypass modern EDR solutions
☆18Dec 20, 2024Updated last year
rxOred / process-hollowing
View on GitHub
process hollowing variant using NtCreateSection + NtMapViewOfSection + ResumeThread
☆31Jan 9, 2022Updated 4 years ago
werdhaihai / msi_lateral_mv
View on GitHub
Lateral Movement Bof with MSI ODBC Driver Install
☆144Sep 30, 2025Updated 4 months ago
CCob / SQL-BOF
View on GitHub
Library of BOFs to interact with SQL servers
☆16Dec 6, 2024Updated last year
tvgdb / cobaltstrike-cat-bof
View on GitHub
A Beacon Object File (BOF) implementation of the 'cat' command
☆26Feb 11, 2023Updated 3 years ago
dmcxblue / PyObscura
View on GitHub
A python script that automates a C2 Profile build
☆48Dec 14, 2025Updated 2 months ago
boku7 / xPipe
View on GitHub
Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions
☆94Mar 8, 2023Updated 2 years ago
0xthirteen / mtprocess
View on GitHub
Python script to leverage MSFT_MTProcess WMI class
☆39Sep 17, 2025Updated 5 months ago
Patrick0x41 / BOF_All_Things
View on GitHub
Beacon Object Files (BOF) for Cobalt Strike.
☆32Aug 23, 2024Updated last year
Maldev-Academy / HookingLsassForCredentials
View on GitHub
Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials
☆54May 12, 2025Updated 9 months ago
logangoins / BadTakeover-BOF
View on GitHub
Beacon Object File (BOF) for Using the BadSuccessor Technique for Account Takeover
☆85Oct 20, 2025Updated 4 months ago
trainr3kt / NoteThief
View on GitHub
Grab unsaved Notepad contents with a Beacon Object File
☆55Jun 19, 2022Updated 3 years ago
zero2504 / EDR-GhostLocker
View on GitHub
AppLocker-Based EDR Neutralization
☆321Dec 19, 2025Updated 2 months ago
NtDallas / OdinLdr
View on GitHub
Cobaltstrike Reflective Loader with Synthetic Stackframe
☆185Jan 17, 2026Updated last month
snovvcrash / BOFs
View on GitHub
Beacon Object Files (not Buffer Overflows)
☆58Mar 6, 2023Updated 2 years ago
nettitude / ElephantPoint
View on GitHub
☆47Feb 12, 2026Updated 2 weeks ago
zyn3rgy / smbtakeover
View on GitHub
BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions
☆346Nov 19, 2024Updated last year
rtecCyberSec / BitlockMove
View on GitHub
Lateral Movement via Bitlocker DCOM interfaces & COM Hijacking
☆436Jun 27, 2025Updated 8 months ago
M1ndo / WerDump
View on GitHub
A Beacon Object File (BOF) for Havoc/CS to Bypass PPL and Dump Lsass
☆167Sep 22, 2025Updated 5 months ago
KickedDroid / bof_oxide
View on GitHub
A POC for developing BOFs for Sliver, Havoc, Cobalt Strike or most COFFLoaders in Rust.
☆74Aug 24, 2025Updated 6 months ago
TwoSevenOneT / EDR-Redir
View on GitHub
EDR-Redir : a tool used to redirect the EDR's folder to another location.
☆222Nov 6, 2025Updated 3 months ago
dmcxblue / Claude-C2
View on GitHub
Utilizng an MCP Server to communicate with your C2
☆86May 15, 2025Updated 9 months ago
garrettfoster13 / mssqlkaren
View on GitHub
modified mssqlclient from impacket to extract policies from the SCCM database
☆44Updated this week
sliverarmory / malasada
View on GitHub
Linux Shared Library to Shellcode Loader
☆80Feb 15, 2026Updated last week
kyxiaxiang / 360WFP_Exploit
View on GitHub
BYOVD: Use 360 WFP driver to block EDR/XDR network connection.
☆98Feb 10, 2026Updated 2 weeks ago
dazzyddos / lsawhisper-bof
View on GitHub
A Beacon Object File (BOF) that talks directly to Windows authentication packages through the LSA untrusted/trusted client interface, wit…
☆145Updated this week
JohnSwiftC / rustdllproxy
View on GitHub
Generate Proxy DLLs in Rust
☆47Sep 2, 2025Updated 5 months ago
0xS2V2 / marsform
View on GitHub
terraform deployment for red team
☆26Dec 13, 2022Updated 3 years ago
iilegacyyii / DataInject-BOF
View on GitHub
Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll
☆136Apr 18, 2025Updated 10 months ago
pard0p / Remote-BOF-Runner
View on GitHub
Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal …
☆89Jan 2, 2026Updated last month
EricEsquivel / OpsLoader
View on GitHub
A Cobalt Strike payload generator and lateral movement aggressor script which places Beacon shellcode into a custom shellcode loader
☆45Sep 25, 2024Updated last year
CICADA8-Research / RpcMotion
View on GitHub
Execute commands, in/exfiltrate files using your custom RPC Server
☆65Jan 13, 2026Updated last month
HackLike-co / Cloak
View on GitHub
Generate Secure, Polymorphic, Evasive (lol) Payloads
☆29Oct 2, 2025Updated 4 months ago