deh00ni / NtDumpBOFView external linksLinks
☆100Sep 1, 2024Updated last year
Alternatives and similar repositories for NtDumpBOF
Users that are interested in NtDumpBOF are comparing it to the libraries listed below
Sorting:
- ☆126Sep 1, 2024Updated last year
- Positional Independent Code to extract clear text password from mstsc.exe using API Hooking via HWBP.☆249Jun 11, 2024Updated last year
- ☆160Mar 27, 2023Updated 2 years ago
- Generic PE loader for fast prototyping evasion techniques☆244Jul 2, 2024Updated last year
- ☆106Aug 21, 2024Updated last year
- ☆122Oct 9, 2023Updated 2 years ago
- BOF for Kerberos abuse (an implementation of some important features of the Rubeus).☆540Nov 23, 2025Updated 2 months ago
- Sleep obfuscation☆265Dec 13, 2024Updated last year
- BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions☆345Nov 19, 2024Updated last year
- Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll☆135Apr 18, 2025Updated 9 months ago
- Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.☆128Oct 4, 2024Updated last year
- Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!☆534May 9, 2025Updated 9 months ago
- ☆33Jan 23, 2025Updated last year
- A beacon object file implementation of PoolParty Process Injection Technique.☆432Dec 21, 2023Updated 2 years ago
- Remotely Enumerate sessions using undocumented Windows Station APIs☆118Aug 21, 2024Updated last year
- A BOF that runs unmanaged PEs inline☆678Oct 23, 2024Updated last year
- Library of BOFs to interact with SQL servers☆222Dec 3, 2025Updated 2 months ago
- Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)☆698May 7, 2025Updated 9 months ago
- A C# port from Invoke-GhostTask☆119Jan 5, 2024Updated 2 years ago
- TokenCert☆102Nov 15, 2024Updated last year
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…☆280Sep 18, 2024Updated last year
- Collection of Beacon Object Files (BOF) for Cobalt Strike☆671Aug 15, 2025Updated 6 months ago
- ☆31Jul 26, 2024Updated last year
- Stage 0☆169Dec 18, 2024Updated last year
- Collection of UAC Bypass Techniques Weaponized as BOFs☆603Feb 21, 2024Updated last year
- A reimplementation of Cobalt Strike's Beacon Object File (BOF) Loader☆64Dec 16, 2023Updated 2 years ago
- ☆118Nov 21, 2024Updated last year
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…☆214Oct 19, 2024Updated last year
- Modified versions of the Cobalt Strike Process Injection Kit☆105Jan 24, 2024Updated 2 years ago
- Cobalt Strike Beacon Object File (BOF) that obtain SYSTEM privilege with SeImpersonate privilege by passing a malicious IUnknwon object t…☆96Mar 20, 2023Updated 2 years ago
- Lockless BOF☆79May 2, 2025Updated 9 months ago
- Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework☆635May 8, 2025Updated 9 months ago
- DFSCoerce exe revisited version with custom authentication☆42Jan 13, 2024Updated 2 years ago
- Curated list of public Beacon Object Files(BOFs) build in as submodules for easy cloning☆137Dec 7, 2025Updated 2 months ago
- comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti…☆212Jun 10, 2024Updated last year
- ☆137Nov 17, 2025Updated 2 months ago
- A PowerShell script to perform PKINIT authentication with the Windows API from a non domain-joined machine.☆171May 13, 2024Updated last year
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …☆296Jul 31, 2024Updated last year
- ☆160Jan 27, 2025Updated last year