atomiczsec/Adrenaline external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

atomiczsec/Adrenaline

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/atomiczsec/Adrenaline)

Close

atomiczsec / AdrenalineView on GitHubMore

• External links
• Readme badge

Collection of BOFs created for red team/adversary emulation engagements. Created to be small and interchangeable, for quick recon or eventing.

☆265Mar 11, 2026Updated last week

Alternatives and similar repositories for Adrenaline

Users that are interested in Adrenaline are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• PhantomSecurityGroup / Crystal-Kit

  View on GitHub
  Evasion kit for Cobalt Strike
  ☆30Jan 16, 2026Updated 2 months ago
• incursi0n / ClipboardStealBOF

  View on GitHub
  An alternative to the builtin clipboard feature in Cobalt Strike that adds the capability to enable/disable and dump the clipboard histor…
  ☆103Jan 9, 2026Updated 2 months ago
• NtDallas / OdinLdr

  View on GitHub
  Cobaltstrike Reflective Loader with Synthetic Stackframe
  ☆189Jan 17, 2026Updated 2 months ago
• Tw1sm / list-wam-accounts

  View on GitHub
  List web account manager (WAM) accounts added to the current profile
  ☆24Dec 11, 2025Updated 3 months ago
• lsecqt / SessionView

  View on GitHub
  A portable C# utility for enumerating local and remote windows sessions
  ☆57Jan 1, 2026Updated 2 months ago
• Cracked5pider / earlycascade-injection

  View on GitHub
  early cascade injection PoC based on Outflanks blog post
  ☆239Nov 7, 2024Updated last year
• Xenov-X / csbot

  View on GitHub
  Golang Automation Framework for Cobalt Strike using the Rest API
  ☆57Dec 4, 2025Updated 3 months ago
• ricardojoserf / w11_shadow_copies

  View on GitHub
  Manage Shadows Copies via the VSS API using C#, C++, Crystal or Python. Working on Windows 11
  ☆84Jan 26, 2026Updated last month
• Macmod / ldapx

  View on GitHub
  Flexible LDAP proxy that can be used to inspect & transform all LDAP packets generated by other tools on the fly.
  ☆195Feb 16, 2026Updated last month
• MEhrn00 / boflink

  View on GitHub
  Linker for Beacon Object Files
  ☆170Feb 22, 2026Updated last month
• kas-sec / version.dll-sideloading

  View on GitHub
  sideloading PoC using onedrive.exe & version.dll
  ☆93Oct 30, 2025Updated 4 months ago
• NocteDefensor / SCCMDecryptor-BOF

  View on GitHub
  ☆53Jun 28, 2025Updated 8 months ago
• EricEsquivel / Inline-EA

  View on GitHub
  Cobalt Strike BOF for evasive .NET assembly execution
  ☆309Mar 31, 2025Updated 11 months ago
• mallo-m / AxiomSecrets

  View on GitHub
  Dump protected files (SAM,SYSTEM,SECURITY) by parsing the raw NTFS partition
  ☆38Nov 11, 2025Updated 4 months ago
• 0xTriboulet / InlineExecuteEx

  View on GitHub
  A BOF that's a BOF Loader and more
  ☆200Jan 17, 2026Updated 2 months ago
• pard0p / Remote-BOF-Runner

  View on GitHub
  Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal …
  ☆91Jan 2, 2026Updated 2 months ago
• klezVirus / Moonwalk--

  View on GitHub
  Moonwalk++: Simple POC Combining StackMoonwalking and Memory Encryption
  ☆210Dec 17, 2025Updated 3 months ago
• 5tuk0v / PointyTokenz

  View on GitHub
  Windows Access token manipulation tool made in C#
  ☆24Aug 24, 2025Updated 6 months ago
• Meowmycks / koneko

  View on GitHub
  Robust Cobalt Strike shellcode loader with multiple advanced evasion features
  ☆200Apr 21, 2025Updated 11 months ago
• dis0rder0x00 / stillepost

  View on GitHub
  Using Chromium-based browsers as a proxy for C2 traffic.
  ☆147Dec 6, 2025Updated 3 months ago
• HulkOperator / CallStackSpoofer

  View on GitHub
  ☆65Dec 19, 2024Updated last year
• 0xHossam / KernelCallbackTable-Injection-PoC

  View on GitHub
  Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac…
  ☆272Oct 31, 2024Updated last year
• boku7 / StringReaper

  View on GitHub
  Reaping treasures from strings in remote processes memory
  ☆285Feb 8, 2025Updated last year
• REDMED-X / OperatorsKit

  View on GitHub
  Collection of Beacon Object Files (BOF) for Cobalt Strike
  ☆681Aug 15, 2025Updated 7 months ago
• ibaiC / FriendlyFireBOF

  View on GitHub
  A BOF that suspends non-GUI threads for a target process or resumes them resulting in stealthy process silencing.
  ☆57Apr 14, 2025Updated 11 months ago
• cfs0x / VPN-BlackBox-Checker

  View on GitHub
  A professional Red Team / Pentest tool for assessing the external perimeter of a company in a complete "black box" mode (zero knowledge, …
  ☆29Feb 15, 2026Updated last month
• WKL-Sec / slack-udc2

  View on GitHub
  Cobalt Strike UDC2 implementation that provides an Slack C2 channel
  ☆65Jan 5, 2026Updated 2 months ago
• Octoberfest7 / Enumprotections_BOF

  View on GitHub
  A BOF to enumerate system process, their protection levels, and more.
  ☆125Nov 27, 2024Updated last year
• Nomad0x7 / sekken-enum

  View on GitHub
  adws enumeration bof
  ☆169Feb 16, 2026Updated last month
• 3lp4tr0n / RemoteMonologue

  View on GitHub
  Weaponizing DCOM for NTLM Authentication Coercions
  ☆201Nov 4, 2025Updated 4 months ago
• 0xNinjaCyclone / EarlyCascade

  View on GitHub
  A PoC for Early Cascade process injection technique.
  ☆214Jan 30, 2025Updated last year
• zyn3rgy / smbtakeover

  View on GitHub
  BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions
  ☆346Nov 19, 2024Updated last year
• dobin / RedEdr

  View on GitHub
  Collect Windows telemetry for Maldev
  ☆464Jan 30, 2026Updated last month
• iilegacyyii / DataInject-BOF

  View on GitHub
  Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll
  ☆151Apr 18, 2025Updated 11 months ago
• bytewreck / DumpGuard

  View on GitHub
  Proof-of-Concept tool for extracting NTLMv1 hashes from sessions on modern Windows systems.
  ☆638Oct 27, 2025Updated 4 months ago
• professor-moody / scorch

  View on GitHub
  ☆43Dec 24, 2025Updated 2 months ago
• ofasgard / execute-assembly-pico

  View on GitHub
  A PICO for Crystal Palace that implements CLR hosting to execute a .NET assembly in memory.
  ☆129Jan 28, 2026Updated last month
• kozmer / aad-bofs

  View on GitHub
  ☆139Nov 17, 2025Updated 4 months ago
• mertdas / PrivKit

  View on GitHub
  PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.
  ☆574Jan 20, 2026Updated 2 months ago