Beacon Object Files (BOFs) for Cobalt Strike and Havoc C2. Implementations of Active Directory attacks and post-exploitation techniques.
☆113Jan 26, 2026Updated 2 months ago
Alternatives and similar repositories for BOFs
Users that are interested in BOFs are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- NSecSoftBYOVD POC☆58Feb 12, 2026Updated last month
- Python and BOF utilites to the determine EPA enforcement levels of popular NTLM relay targets from the offensive perspective☆170Jan 12, 2026Updated 2 months ago
- Library of BOFs to interact with SQL servers☆16Dec 6, 2024Updated last year
- A Beacon Object File (BOF) that performs the complete ESC1 attack chain in a single execution: certificate request with arbitrary SAN (+S…☆117Dec 21, 2025Updated 3 months ago
- Beacon Object File (BOF) for Windows Session Hijacking via IHxHelpPaneServer COM☆64Dec 25, 2025Updated 3 months ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- Lateral Movement Bof with MSI ODBC Driver Install☆148Sep 30, 2025Updated 6 months ago
- Using call gadgets to break the call stack signature used by Elastic on proxying a module load. Provided as a Crystal Palace shared libra…☆81Nov 6, 2025Updated 5 months ago
- Enable EFS service as low priv user (PE & BOF)☆21Jul 6, 2025Updated 9 months ago
- An example of how to use Microsoft Windows Warbird technology☆94Apr 23, 2023Updated 2 years ago
- AppLocker-Based EDR Neutralization☆329Dec 19, 2025Updated 3 months ago
- Evasion kit for Cobalt Strike☆30Jan 16, 2026Updated 2 months ago
- A Beacon Object File (BOF) implementation of the 'cat' command☆27Feb 11, 2023Updated 3 years ago
- Python script to leverage MSFT_MTProcess WMI class☆40Sep 17, 2025Updated 6 months ago
- Cobaltstrike Reflective Loader with Synthetic Stackframe☆189Jan 17, 2026Updated 2 months ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions☆95Mar 8, 2023Updated 3 years ago
- A Beacon Object File (BOF) for Havoc/CS to Bypass PPL and Dump Lsass☆168Sep 22, 2025Updated 6 months ago
- Moonwalk++: Simple POC Combining StackMoonwalking and Memory Encryption☆215Dec 17, 2025Updated 3 months ago
- Beacon Object Files (not Buffer Overflows)☆58Mar 6, 2023Updated 3 years ago
- Beacon Object Files (BOF) for Cobalt Strike.☆32Aug 23, 2024Updated last year
- BOF to run PE in Cobalt Strike Beacon without console creation☆196Nov 23, 2025Updated 4 months ago
- FrostLock Injection is a freeze/thaw-based code injection technique that uses Windows Job Objects to temporarily freeze (suspend) a targe…☆43Apr 6, 2025Updated last year
- Linux Shared Library to Shellcode Loader☆90Feb 15, 2026Updated last month
- process hollowing variant using NtCreateSection + NtMapViewOfSection + ResumeThread☆31Jan 9, 2022Updated 4 years ago
- DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- Lateral Movement via Bitlocker DCOM interfaces & COM Hijacking☆439Jun 27, 2025Updated 9 months ago
- EDR-Redir : a tool used to redirect the EDR's folder to another location.☆231Nov 6, 2025Updated 5 months ago
- ☆62Feb 12, 2026Updated last month
- Cobalt Strike Beacon Object File to to change the user's desktop wallpaper☆17Sep 15, 2023Updated 2 years ago
- A Beacon Object File (BOF) that talks directly to Windows authentication packages through the LSA untrusted/trusted client interface, wit…☆289Feb 21, 2026Updated last month
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials☆54May 12, 2025Updated 10 months ago
- Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of …☆11Mar 22, 2021Updated 5 years ago
- Sleep obfuscation☆272Dec 13, 2024Updated last year
- Misery Loader to bypass modern EDR solutions☆18Dec 20, 2024Updated last year
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
- A POC for developing BOFs for Sliver, Havoc, Cobalt Strike or most COFFLoaders in Rust.☆75Aug 24, 2025Updated 7 months ago
- Grab unsaved Notepad contents with a Beacon Object File☆55Jun 19, 2022Updated 3 years ago
- Beacon Object File (BOF) for Using the BadSuccessor Technique for Account Takeover☆86Oct 20, 2025Updated 5 months ago
- Execute commands, in/exfiltrate files using your custom RPC Server☆68Jan 13, 2026Updated 2 months ago
- Cobalt Strike BOF for evasive .NET assembly execution☆312Mar 31, 2025Updated last year
- Call stack spoofing for Rust☆361Feb 7, 2025Updated last year
- Beacon Object File to delete token privileges and lower the integrity level to untrusted for a specified process☆47Jun 15, 2022Updated 3 years ago