Und3rf10w/CobaltStrikeBOFs external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

Und3rf10w/CobaltStrikeBOFs

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/Und3rf10w/CobaltStrikeBOFs)

Close

Und3rf10w / CobaltStrikeBOFsView on GitHubMore

• External links
• Readme badge

Beacon Object Files used for Cobalt Strike

☆19Jul 18, 2023Updated 2 years ago

Alternatives and similar repositories for CobaltStrikeBOFs

Users that are interested in CobaltStrikeBOFs are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• keyboardcrunch / sentinelone_usbscan

  View on GitHub
  A custom SentinelOne USB scanner.
  ☆19Mar 26, 2022Updated 4 years ago
• typeconfused / windows-ps-callbacks-experiments

  View on GitHub
  Files for http://blog.deniable.org/posts/windows-callbacks/
  ☆12Jan 1, 2023Updated 3 years ago
• SilvestriF3 / Passworld

  View on GitHub
  Passworld is a fully customizable wordlist generator
  ☆16Sep 13, 2024Updated last year
• 0xthirteen / PerfExec

  View on GitHub
  ☆79Aug 2, 2023Updated 2 years ago
• ricardojoserf / BOF_Files

  View on GitHub
  Repository to gather the BOF files I will be developing
  ☆11Oct 1, 2024Updated last year
• AI Agents on DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• seahop / titan

  View on GitHub
  Titan: A generic user defined reflective DLL for Cobalt Strike
  ☆85Nov 20, 2022Updated 3 years ago
• zimnyaa / inmembof.py

  View on GitHub
  A small example of loading BOFs in Python with pure reflection
  ☆19Jan 26, 2023Updated 3 years ago
• ly4k / Pypykatz

  View on GitHub
  Modified version of Pypykatz to print encrypted credentials
  ☆56Dec 26, 2022Updated 3 years ago
• MaorSabag / HollowMask

  View on GitHub
  Just another Process Injection using Process Hollowing technique.
  ☆18Sep 18, 2023Updated 2 years ago
• wsummerhill / IPv4Fuscation-Encrypted

  View on GitHub
  ☆20Mar 21, 2024Updated 2 years ago
• susMdT / effective-waffle

  View on GitHub
  yet another sleep encryption thing. also used the default github repo name for this one.
  ☆69May 11, 2023Updated 2 years ago
• Levi597 / HHbackdoor-V0.3

  View on GitHub
  Only for educational purposes
  ☆12Jun 17, 2023Updated 2 years ago
• Hagrid29 / BOF-SprayAD

  View on GitHub
  Cobalt Strike Beacon Object File (BOF) that uses LogonUserSSPI API to perform kerberos-based password spray
  ☆47Mar 4, 2023Updated 3 years ago
• Binject / exec2shell

  View on GitHub
  Extracts TEXT section of a PE, ELF, or Mach-O executable to shellcode
  ☆106May 5, 2023Updated 2 years ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
• nettitude / ETWHash

  View on GitHub
  C# POC to extract NetNTLMv1/v2 hashes from ETW provider
  ☆261May 10, 2023Updated 2 years ago
• lleon1435 / Kernel_VADInjector

  View on GitHub
  Windows 10 DLL Injector via Driver utilizing VAD and hiding the loaded driver
  ☆55Oct 19, 2023Updated 2 years ago
• x42en / sysplant

  View on GitHub
  Your Windows syscall hooking factory - feat Canterlot's Gate - All accessible over MCP
  ☆130Updated this week
• rasta-mouse / PPEnum

  View on GitHub
  Simple BOF to read the protection level of a process
  ☆119May 10, 2023Updated 2 years ago
• OtterHacker / CoffLoader

  View on GitHub
  ☆61Jan 9, 2023Updated 3 years ago
• CultCornholio / solenya

  View on GitHub
  Microsoft365 Device Code Phishing Framework
  ☆39Sep 4, 2021Updated 4 years ago
• NVISOsecurity / cs2br-bof

  View on GitHub
  Run Cobalt Strike BOFs in Brute Ratel C4!
  ☆87Apr 15, 2025Updated 11 months ago
• knavesec / BloodHound-Custom-Queries

  View on GitHub
  Assorted BloodHound Cypher queries/tricks I haven't seen in other cheat sheets
  ☆12Jun 21, 2021Updated 4 years ago
• Cipher7 / havoc-SauronEye

  View on GitHub
  ☆11Dec 8, 2023Updated 2 years ago
• Wordpress hosting with auto-scaling - Free Trial • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• sketchymoose / workslikeaJARM

  View on GitHub
  Method of finding interesting domains using keywords + JARMs
  ☆13Jan 30, 2023Updated 3 years ago
• EspressoCake / DLL_Version_Enumeration_BOF

  View on GitHub
  A BOF for enumerating version information for DLLs associated for a Beacon process.
  ☆16Nov 23, 2021Updated 4 years ago
• EspressoCake / BetterPipename

  View on GitHub
  Example of using Sleep to create better named pipes.
  ☆41Jul 25, 2023Updated 2 years ago
• x0reaxeax / PageSplit

  View on GitHub
  Splitting and executing shellcode across multiple pages
  ☆104Jun 8, 2023Updated 2 years ago
• rvrsh3ll / SharpExcel4-DCOM

  View on GitHub
  Port of Invoke-Excel4DCOM
  ☆104Oct 12, 2019Updated 6 years ago
• Hagrid29 / BOF-RemoteRegSave

  View on GitHub
  Cobalt Strike Beacon Object File (BOF) that uses RegConnectRegistryA + RegOpenKeyExA API to dump registry hives on remote computer
  ☆17Mar 4, 2023Updated 3 years ago
• rkbennett / icmpsh

  View on GitHub
  Simple reverse ICMP shell
  ☆14Apr 30, 2024Updated last year
• 0xEr3bus / ShadowForgeC2

  View on GitHub
  ShadowForge Command & Control - Harnessing the power of Zoom's API, control a compromised Windows Machine from your Zoom Chats.
  ☆53Jul 15, 2023Updated 2 years ago
• secgroundzero / hashslack

  View on GitHub
  Small utility script to notify via Slack about Hashcat's progress during a password cracking session
  ☆10Mar 10, 2019Updated 7 years ago
• GPUs on demand by Runpod - Special Offer Available • Ad
  Run AI, ML, and HPC workloads on powerful cloud GPUs—without limits or wasted spend. Deploy GPUs in under a minute and pay by the second.
• CognisysGroup / HadesLdr

  View on GitHub
  Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2
  ☆295Jul 15, 2023Updated 2 years ago
• boku7 / whereami

  View on GitHub
  Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL…
  ☆183Mar 13, 2023Updated 3 years ago
• matterpreter / cpuid

  View on GitHub
  A class to emulate the behavior of NtQuerySystemInformation when passed the SystemHypervisorDetailInformation information class
  ☆27Sep 15, 2023Updated 2 years ago
• VoldeSec / BOF-NPPSPY

  View on GitHub
  Porting of NPPSPY by Grzegorz Tworek to 'man in the middle' the user logon process, and store the user's name and password in an unassumi…
  ☆19Apr 24, 2023Updated 2 years ago
• 0xv1n / Havoc-ProfileGenerator

  View on GitHub
  malleable profile generator GUI for Havoc
  ☆55Apr 28, 2023Updated 2 years ago
• mgeeky / msi-shenanigans

  View on GitHub
  Proof of Concept code and samples presenting emerging threat of MSI installer files.
  ☆91Dec 15, 2022Updated 3 years ago
• zimnyaa / grpcssh

  View on GitHub
  A simple reverse ssh/proxy implant PoC for *nix systems.
  ☆57Jul 5, 2024Updated last year