Alternatives and similar repositories for BOF-Builder

Users that are interested in BOF-Builder are comparing it to the libraries listed below

• trainr3kt / Readfile_BoF

  View on GitHub
  ☆22Jun 21, 2022Updated 3 years ago
• EspressoCake / Needle_Sift_BOF

  View on GitHub
  Strstr with user-supplied needle and filename as a BOF.
  ☆32Sep 27, 2021Updated 4 years ago
• NVISOsecurity / cobalt-strike-notifier

  View on GitHub
  ☆13Jul 30, 2021Updated 4 years ago
• EspressoCake / DLL-Hijack-Search-Order-BOF

  View on GitHub
  DLL Hijack Search Order Enumeration BOF
  ☆149Nov 3, 2021Updated 4 years ago
• apokryptein / secinject

  View on GitHub
  Section Mapping Process Injection (secinject): Cobalt Strike BOF
  ☆102Jan 7, 2022Updated 4 years ago
• ASkyeye / CobaltPatch

  View on GitHub
  Cobalt Strike Malleable Profile Inline Patch Template: A Position Independent Code (PIC) Code Template For Creating Shellcode That Can Be…
  ☆41Sep 3, 2020Updated 5 years ago
• netero1010 / Quser-BOF

  View on GitHub
  Cobalt Strike BOF for quser.exe implementation using Windows API
  ☆87Mar 22, 2023Updated 2 years ago
• williamknows / SharpHound3

  View on GitHub
  C# Data Collector for the BloodHound Project, Version 3
  ☆37Dec 28, 2021Updated 4 years ago
• GhostManager / cobalt_sync

  View on GitHub
  Standalone Cobalt Strike operation logging Aggressor script for Ghostwriter 2.0+
  ☆36Dec 1, 2025Updated 2 months ago
• netero1010 / TrustedPath-UACBypass-BOF

  View on GitHub
  Cobalt Strike beacon object file implementation for trusted path UAC bypass. The target executable will be called without involving "cmd.…
  ☆146Aug 16, 2021Updated 4 years ago
• Octoberfest7 / Backstab_BOF

  View on GitHub
  Beacon Object File implementation of Yaxser's Backstab
  ☆15Mar 9, 2022Updated 3 years ago
• rasta-mouse / ExternalC2.NET

  View on GitHub
  .NET implementation of Cobalt Strike's External C2 Spec
  ☆89Nov 12, 2021Updated 4 years ago
• trainr3kt / MemReader_BoF

  View on GitHub
  ☆46Dec 5, 2023Updated 2 years ago
• Cobalt-Strike / unhook-bof

  View on GitHub
  Remove API hooks from a Beacon process.
  ☆76Mar 13, 2022Updated 3 years ago
• EspressoCake / PPLDump_BOF

  View on GitHub
  A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.
  ☆143Sep 24, 2021Updated 4 years ago
• tomcarver16 / BOF-DLL-Inject

  View on GitHub
  Manual Map DLL injection implemented with Cobalt Strike's Beacon Object Files.
  ☆152Sep 3, 2020Updated 5 years ago
• xx0hcd / Alt-Beacon-Payload

  View on GitHub
  Beacon payload using AV bypass method from https://github.com/fullmetalcache/CsharpMMNiceness and shellcode generated from https://github…
  ☆20Feb 9, 2021Updated 5 years ago
• guervild / BOFs

  View on GitHub
  Cobalt Strike Beacon Object Files
  ☆167May 2, 2022Updated 3 years ago
• Octoberfest7 / EventViewerUAC_BOF

  View on GitHub
  Beacon Object File implementation of Event Viewer deserialization UAC bypass
  ☆133May 6, 2022Updated 3 years ago
• Sh0ckFR / InlineWhispers2

  View on GitHub
  Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2
  ☆187Jul 21, 2022Updated 3 years ago
• EspressoCake / DLL-Exports-Extraction-BOF

  View on GitHub
  DLL Exports Extraction BOF with optional NTFS transactions.
  ☆90Nov 5, 2021Updated 4 years ago
• o1mate / DLLProx

  View on GitHub
  Automatic DLL comment link generation and explaination of the DLL Proxying techniques
  ☆10Aug 19, 2021Updated 4 years ago
• boku7 / xPipe

  View on GitHub
  Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions
  ☆93Mar 8, 2023Updated 2 years ago
• zimnyaa / inmembof.py

  View on GitHub
  A small example of loading BOFs in Python with pure reflection
  ☆19Jan 26, 2023Updated 3 years ago
• Hagrid29 / BOF-CredUI

  View on GitHub
  Cobalt Strike Beacon Object File (BOF) that uses CredUIPromptForWindowsCredentials API to invoke credential prompt
  ☆23Nov 23, 2022Updated 3 years ago
• magisterquis / shelloverreversessh

  View on GitHub
  A little implant which SSH's back with a shell
  ☆38Feb 1, 2022Updated 4 years ago
• RiccardoAncarani / BOFs

  View on GitHub
  Collection of Beacon Object Files (BOFs) for shells and lols
  ☆121Sep 14, 2021Updated 4 years ago
• sk3w / beacon-object-files

  View on GitHub
  Miscellaneous examples for use with Cobalt Strike Beacon
  ☆10Nov 19, 2020Updated 5 years ago
• Octoberfest7 / KDStab

  View on GitHub
  BOF combination of KillDefender and Backstab
  ☆170Mar 23, 2023Updated 2 years ago
• airzero24 / WMIReg

  View on GitHub
  PoC to interact with local/remote registry hives through WMI
  ☆87Jun 14, 2020Updated 5 years ago
• sec-consult / aggrokatz

  View on GitHub
  Aggrokatz is an aggressor plugin extension for Cobalt Strike which enables pypykatz to interface with the beacons remotely and allows it …
  ☆156Apr 27, 2021Updated 4 years ago
• guervild / InlineZipper

  View on GitHub
  ☆25Feb 9, 2022Updated 4 years ago
• EspressoCake / ReadRemoteProcessCommandline_BOF

  View on GitHub
  ☆29May 10, 2024Updated last year
• Cobalt-Strike / ZeroLogon-BOF

  View on GitHub
  ☆12Sep 17, 2020Updated 5 years ago
• xforcered / CredBandit

  View on GitHub
  Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that b…
  ☆244Jul 14, 2021Updated 4 years ago
• knqyf263 / CVE-2021-3129

  View on GitHub
  PoC for CVE-2021-3129 (Laravel)
  ☆12Oct 9, 2021Updated 4 years ago
• Crypt0s / DelegationBOF

  View on GitHub
  ☆142May 4, 2022Updated 3 years ago
• xforcered / Detect-Hooks

  View on GitHub
  Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR
  ☆103Jul 22, 2021Updated 4 years ago
• Hagrid29 / BOF-SprayAD

  View on GitHub
  Cobalt Strike Beacon Object File (BOF) that uses LogonUserSSPI API to perform kerberos-based password spray
  ☆47Mar 4, 2023Updated 2 years ago