A Beacon Object File (BOF) that talks directly to Windows authentication packages through the LSA untrusted/trusted client interface, without touching LSASS process memory.
☆296Feb 21, 2026Updated 2 months ago
Alternatives and similar repositories for lsawhisper-bof
Users that are interested in lsawhisper-bof are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Async BOF implementation of 'Rubeus monitor' to detect and automatically extract Kerberos TGTs as they appear on a target system.☆107Apr 22, 2026Updated last week
- ASPX Web Shell with COFF Loader☆129Mar 10, 2026Updated last month
- Python and BOF utilites to the determine EPA enforcement levels of popular NTLM relay targets from the offensive perspective☆173Jan 12, 2026Updated 3 months ago
- A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and …☆335Mar 6, 2025Updated last year
- ☆40Nov 25, 2025Updated 5 months ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Conquest is a feature-rich and malleable command & control/post-exploitation framework developed in Nim.☆376Updated this week
- dcsync bof☆52Feb 13, 2026Updated 2 months ago
- Reaping treasures from strings in remote processes memory☆285Feb 8, 2025Updated last year
- ☆138Nov 17, 2025Updated 5 months ago
- DSCourier is a proof-of-concept that uses the WinGet Configuration COM API to apply DSC configurations through Microsoft-signed binaries.☆169Apr 16, 2026Updated last week
- ☆186Oct 21, 2025Updated 6 months ago
- Azure apim mini proxy☆56Feb 16, 2026Updated 2 months ago
- A BOF that runs unmanaged PEs inline☆695Oct 23, 2024Updated last year
- BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)☆196Feb 6, 2025Updated last year
- AI Agents on DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions☆349Nov 19, 2024Updated last year
- Beacon Object File (BOF) for identifying dependent child services of a given parent.☆19Jun 20, 2025Updated 10 months ago
- The ADSyncDump BOF is a port of Dirk-Jan Mollema's adconnectdump.py / ADSyncDecrypt into a Beacon Object File (BOF) with zero dependencie…☆175Sep 3, 2025Updated 7 months ago
- Lateral Movement Bof with MSI ODBC Driver Install☆149Sep 30, 2025Updated 6 months ago
- Tool for viewing NTDS.dit☆199Mar 14, 2025Updated last year
- Automatically scan the file system to identify Electron applications vulnerable to ASAR tampering.☆160Nov 28, 2025Updated 5 months ago
- An alternative screenshot capability for Cobalt Strike that uses WinAPI and does not perform a fork & run. Screenshot downloaded in memor…☆498Dec 7, 2025Updated 4 months ago
- ☆52May 4, 2025Updated 11 months ago
- BYOVD: Use 360 WFP driver to block EDR/XDR network connection.☆118Feb 10, 2026Updated 2 months ago
- GPUs on demand by Runpod - Special Offer Available • AdRun AI, ML, and HPC workloads on powerful cloud GPUs—without limits or wasted spend. Deploy GPUs in under a minute and pay by the second.
- A Python POC for CRED1 over SOCKS5☆166Oct 5, 2024Updated last year
- Toolset to manipulate RPC clients by finding delayed services and masquerading as them☆111Aug 18, 2025Updated 8 months ago
- SoaPy is a Proof of Concept (PoC) tool for conducting offensive interaction with Active Directory Web Services (ADWS) from Linux hosts.☆263Feb 21, 2025Updated last year
- ☆138Jan 16, 2025Updated last year
- An ICMP channel for Beacons, implemented using Cobalt Strike’s External C2 framework.☆120Oct 6, 2025Updated 6 months ago
- Flexible LDAP proxy that can be used to inspect & transform all LDAP packets generated by other tools on the fly.☆206Feb 16, 2026Updated 2 months ago
- Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll☆154Apr 18, 2025Updated last year
- C2 Agent fully PIC for Mythic with advanced evasion capabilities, dotnet/powershell/shellcode/bof memory executions, lateral moviments, p…☆204Dec 30, 2025Updated 3 months ago
- Cobaltstrike Reflective Loader with Synthetic Stackframe☆191Jan 17, 2026Updated 3 months ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- An alternative to the builtin clipboard feature in Cobalt Strike that adds the capability to enable/disable and dump the clipboard histor…☆108Apr 16, 2026Updated last week
- One WSL BOF to rule them all☆175Jan 14, 2026Updated 3 months ago
- ☆235Oct 8, 2024Updated last year
- A Cobalt Strike BOF implementation of the SilentHarvest registry dumping technique☆163Apr 14, 2026Updated 2 weeks ago
- Novel Windows process injection: assembles existing open handles (process & thread), natural RWX regions, and special user APC (NtQueueAp…☆69Feb 17, 2026Updated 2 months ago
- A Cobalt Strike RL built with Crystal Palace — module overloading, NtContinue entry transfer, call stack spoofing, sleep masking, and sta…☆199Mar 15, 2026Updated last month
- Weaponizing DCOM for NTLM Authentication Coercions☆275Jul 1, 2025Updated 9 months ago