Living Off the Foreign Land setup scripts
☆74Feb 26, 2025Updated last year
Alternatives and similar repositories for lofl
Users that are interested in lofl are comparing it to the libraries listed below
Sorting:
- Utility to analyse, ingest and push out credentials from common data sources during an internal penetration test.☆19Jun 12, 2022Updated 3 years ago
- Cobalt Strike BOF for quser.exe implementation using Windows API☆87Mar 22, 2023Updated 2 years ago
- C# alternative to the linux "cat" command... Prints file contents to console. For use with Cobalt Strike's Execute-Assembly☆15Jul 15, 2021Updated 4 years ago
- Collection of self-made Red Team tools that have come in handy☆12Aug 25, 2024Updated last year
- List web account manager (WAM) accounts added to the current profile☆22Dec 11, 2025Updated 2 months ago
- Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules, actions, and exclusion locations☆160Mar 1, 2024Updated last year
- A PoC weaponising CustomXMLPart for hiding malware code inside of Office document structures.☆39Aug 8, 2022Updated 3 years ago
- Tool for efficient directory enumeration☆65Jan 27, 2026Updated last month
- A VSCode devcontainer for development of COFF files with batteries included.☆50Jul 10, 2023Updated 2 years ago
- ☆162Mar 27, 2023Updated 2 years ago
- My implementation of the GIUDA project in C++☆189Jul 25, 2023Updated 2 years ago
- ☆126Jun 28, 2023Updated 2 years ago
- ☆14Sep 26, 2023Updated 2 years ago
- In-memory token vault BOF for Cobalt Strike☆149Aug 18, 2022Updated 3 years ago
- Your syscall factory☆126Jan 13, 2026Updated last month
- Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly☆117Sep 30, 2024Updated last year
- ☆137Jun 21, 2023Updated 2 years ago
- A simple BOF that disables some logging with NtSetInformationProcess☆13Oct 13, 2023Updated 2 years ago
- Self Delete DLL☆23Feb 15, 2024Updated 2 years ago
- Mythic C2 wrapper for NimSyscallPacker☆25Mar 12, 2025Updated 11 months ago
- A care package of useful bofs for red team engagments☆53Dec 6, 2024Updated last year
- Collection of Beacon Object Files (BOF) for Cobalt Strike☆672Aug 15, 2025Updated 6 months ago
- ☆307Mar 15, 2025Updated 11 months ago
- Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions☆94Mar 8, 2023Updated 2 years ago
- SCCMHunter is a post-ex tool built to streamline identifying, profiling, and attacking SCCM related assets in an Active Directory domain.…☆892Feb 18, 2026Updated last week
- Set of python scripts which perform different ways of command execution via WMI protocol.☆165Jun 29, 2023Updated 2 years ago
- Version 2 - A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders …☆103Mar 27, 2025Updated 11 months ago
- A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.☆318Aug 31, 2023Updated 2 years ago
- ☆100Sep 1, 2024Updated last year
- Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider☆197Dec 6, 2022Updated 3 years ago
- a tool to help operate in EDRs' blind spots☆767Dec 2, 2024Updated last year
- ☆159Apr 17, 2024Updated last year
- Lockless BOF☆79May 2, 2025Updated 9 months ago
- ☆88Jul 28, 2022Updated 3 years ago
- Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature☆101Feb 28, 2023Updated 3 years ago
- Cobalt Strike User Defined Reflective Loader (UDRL). Check branches for different functionality.☆151Jul 20, 2022Updated 3 years ago
- Generate BloodHound compatible JSON from logs written by ldapsearch BOF, pyldapsearch and Brute Ratel's LDAP Sentinel☆387Feb 23, 2024Updated 2 years ago
- A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs.☆614Jan 2, 2025Updated last year
- Lateral Movement Using DCOM and DLL Hijacking☆325Jun 18, 2023Updated 2 years ago