☆100Sep 1, 2024Updated last year
Alternatives and similar repositories for NtDumpBOF
Users that are interested in NtDumpBOF are comparing it to the libraries listed below
Sorting:
- ☆126Sep 1, 2024Updated last year
- ☆161Mar 27, 2023Updated 2 years ago
- Positional Independent Code to extract clear text password from mstsc.exe using API Hooking via HWBP.☆250Jun 11, 2024Updated last year
- Generic PE loader for fast prototyping evasion techniques☆245Jul 2, 2024Updated last year
- ☆108Aug 21, 2024Updated last year
- ☆123Oct 9, 2023Updated 2 years ago
- BOF for Kerberos abuse (an implementation of some important features of the Rubeus).☆549Nov 23, 2025Updated 3 months ago
- Sleep obfuscation☆270Dec 13, 2024Updated last year
- BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions☆345Nov 19, 2024Updated last year
- Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.☆129Oct 4, 2024Updated last year
- Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll☆145Apr 18, 2025Updated 10 months ago
- Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!☆539May 9, 2025Updated 9 months ago
- ☆33Jan 23, 2025Updated last year
- A beacon object file implementation of PoolParty Process Injection Technique.☆435Dec 21, 2023Updated 2 years ago
- Remotely Enumerate sessions using undocumented Windows Station APIs☆117Aug 21, 2024Updated last year
- A BOF that runs unmanaged PEs inline☆682Oct 23, 2024Updated last year
- Library of BOFs to interact with SQL servers☆223Dec 3, 2025Updated 3 months ago
- A C# port from Invoke-GhostTask☆120Jan 5, 2024Updated 2 years ago
- Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)☆701May 7, 2025Updated 10 months ago
- TokenCert☆102Nov 15, 2024Updated last year
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…☆283Sep 18, 2024Updated last year
- Collection of Beacon Object Files (BOF) for Cobalt Strike☆677Aug 15, 2025Updated 6 months ago
- ☆31Jul 26, 2024Updated last year
- Stage 0☆169Dec 18, 2024Updated last year
- A reimplementation of Cobalt Strike's Beacon Object File (BOF) Loader☆66Updated this week
- Collection of UAC Bypass Techniques Weaponized as BOFs☆609Feb 21, 2024Updated 2 years ago
- ☆121Nov 21, 2024Updated last year
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…☆215Oct 19, 2024Updated last year
- Modified versions of the Cobalt Strike Process Injection Kit☆106Jan 24, 2024Updated 2 years ago
- Cobalt Strike Beacon Object File (BOF) that obtain SYSTEM privilege with SeImpersonate privilege by passing a malicious IUnknwon object t…☆97Mar 20, 2023Updated 2 years ago
- Lockless BOF☆79May 2, 2025Updated 10 months ago
- Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework☆637May 8, 2025Updated 10 months ago
- DFSCoerce exe revisited version with custom authentication☆42Jan 13, 2024Updated 2 years ago
- Curated list of public Beacon Object Files(BOFs) build in as submodules for easy cloning☆137Dec 7, 2025Updated 3 months ago
- comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti…☆211Jun 10, 2024Updated last year
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …☆299Jul 31, 2024Updated last year
- ☆160Jan 27, 2025Updated last year
- ☆138Nov 17, 2025Updated 3 months ago
- Mythic C2 Agent written in x64 PIC C☆84Jan 29, 2025Updated last year