fox-it/dissect.cobaltstrike external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

fox-it/dissect.cobaltstrike

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/fox-it/dissect.cobaltstrike)

Close

fox-it / dissect.cobaltstrikeView on GitHubMore

• External links
• Readme badge

Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles

☆186Jun 23, 2025Updated 8 months ago

Alternatives and similar repositories for dissect.cobaltstrike

Users that are interested in dissect.cobaltstrike are comparing it to the libraries listed below

• fox-it / cobaltstrike-beacon-data

  View on GitHub
  Open Dataset of Cobalt Strike Beacon metadata (2018-2022)
  ☆133Mar 28, 2022Updated 3 years ago
• NVISOsecurity / CobaltWhispers

  View on GitHub
  CobaltWhispers is an aggressor script that utilizes a collection of Beacon Object Files (BOF) for Cobalt Strike to perform process inject…
  ☆243Jan 4, 2023Updated 3 years ago
• Sentinel-One / CobaltStrikeParser

  View on GitHub
  ☆1,131Dec 19, 2023Updated 2 years ago
• CCob / BeaconEye

  View on GitHub
  Hunts out CobaltStrike beacons and logs operator command output
  ☆950Sep 4, 2024Updated last year
• Cobalt-Strike / sleep_python_bridge

  View on GitHub
  This project is 'bridge' between the sleep and python language. It allows the control of a Cobalt Strike teamserver through python withou…
  ☆187Aug 3, 2025Updated 7 months ago
• wumb0 / rust_bof

  View on GitHub
  Cobalt Strike Beacon Object Files (BOFs) written in rust with rust core and alloc.
  ☆282Feb 8, 2024Updated 2 years ago
• CodeXTF2 / cobaltstrike-headless

  View on GitHub
  Aggressorscript that turns the headless aggressor client into a (mostly) functional cobalt strike client.
  ☆147Sep 8, 2022Updated 3 years ago
• EspressoCake / Defender_Exclusions-BOF

  View on GitHub
  A BOF to determine Windows Defender exclusions.
  ☆253Jun 25, 2023Updated 2 years ago
• oXis / GPUSleep

  View on GitHub
  Move CS beacon to GPU memory when sleeping
  ☆251Nov 19, 2021Updated 4 years ago
• nopbrick / SeeProxy

  View on GitHub
  Golang reverse proxy with CobaltStrike malleable profile validation.
  ☆109Jan 19, 2023Updated 3 years ago
• mgeeky / ElusiveMice

  View on GitHub
  Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind
  ☆482Jul 12, 2023Updated 2 years ago
• ScriptIdiot / sleepmask_ekko_cfg

  View on GitHub
  Code snippets to add on top of cobalt strike sleepmask kit so that ekko can work in a CFG protected process
  ☆49Mar 15, 2023Updated 2 years ago
• trustedsec / COFFLoader

  View on GitHub
  ☆615Jul 21, 2025Updated 7 months ago
• b1tg / cobaltstrike-beacon-rust

  View on GitHub
  CobaltStrike beacon in rust
  ☆208Aug 10, 2024Updated last year
• WKL-Sec / Winsocky

  View on GitHub
  Winsocket for Cobalt Strike.
  ☆103Jul 6, 2023Updated 2 years ago
• LloydLabs / shellcode-plain-sight

  View on GitHub
  Hiding shellcode in plain sight within a large memory region. Inspired by technique used by Raspberry Robin's Roshtyak
  ☆211Nov 12, 2025Updated 3 months ago
• Cobalt-Strike / CallStackMasker

  View on GitHub
  A PoC implementation for dynamically masking call stacks with timers.
  ☆309Feb 13, 2023Updated 3 years ago
• kyleavery / AceLdr

  View on GitHub
  Cobalt Strike UDRL for memory scanner evasion.
  ☆1,006Jun 4, 2024Updated last year
• Apr4h / CobaltStrikeScan

  View on GitHub
  Scan files or process memory for CobaltStrike beacons and parse their configuration
  ☆922Aug 19, 2021Updated 4 years ago
• jonny-jhnson / ProcCallback

  View on GitHub
  An example of how a driver can register a handle creation callback.
  ☆16Jun 12, 2023Updated 2 years ago
• guervild / BOFs

  View on GitHub
  Cobalt Strike Beacon Object Files
  ☆167May 2, 2022Updated 3 years ago
• vestjoe / cobaltstrike_services

  View on GitHub
  AutoStart teamserver and listeners with services
  ☆75Dec 23, 2021Updated 4 years ago
• wh0amitz / BypassCredGuard

  View on GitHub
  Credential Guard Bypass Via Patching Wdigest Memory
  ☆335Feb 3, 2023Updated 3 years ago
• CCob / BOF.NET

  View on GitHub
  A .NET Runtime for Cobalt Strike's Beacon Object Files
  ☆772Sep 4, 2024Updated last year
• rsmudge / ZeroLogon-BOF

  View on GitHub
  ☆163Apr 25, 2022Updated 3 years ago
• boku7 / xPipe

  View on GitHub
  Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions
  ☆94Mar 8, 2023Updated 2 years ago
• anthemtotheego / InlineExecute-Assembly

  View on GitHub
  InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assem…
  ☆740Jul 22, 2023Updated 2 years ago
• whickey-r7 / grab_beacon_config

  View on GitHub
  ☆451Aug 4, 2021Updated 4 years ago
• xforcered / BokuLoader

  View on GitHub
  A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!
  ☆335Jul 20, 2024Updated last year
• netero1010 / RDPHijack-BOF

  View on GitHub
  Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking.
  ☆312Jul 8, 2022Updated 3 years ago
• NoOne-hub / Beacon.dll

  View on GitHub
  Beacon.dll reverse
  ☆141Sep 5, 2021Updated 4 years ago
• 3lp4tr0n / BeaconHunter

  View on GitHub
  Detect and respond to Cobalt Strike beacons using ETW.
  ☆516Jul 15, 2022Updated 3 years ago
• paranoidninja / Brute-Ratel-C4-Community-Kit

  View on GitHub
  This repository contains scripts, configurations and deprecated payload loaders for Brute Ratel C4 (https://bruteratel.com/)
  ☆291Aug 5, 2024Updated last year
• Sh0ckFR / InlineWhispers2

  View on GitHub
  Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2
  ☆186Jul 21, 2022Updated 3 years ago
• anthemtotheego / CredBandit

  View on GitHub
  Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that b…
  ☆219Jul 14, 2021Updated 4 years ago
• Mav3rick33 / ZenLdr

  View on GitHub
  Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature
  ☆101Feb 28, 2023Updated 3 years ago
• outflanknl / C2-Tool-Collection

  View on GitHub
  A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techni…
  ☆1,370Oct 27, 2023Updated 2 years ago
• crypt0p3g / bof-collection

  View on GitHub
  Collection of Beacon Object Files (BOF) for Cobalt Strike
  ☆186Dec 5, 2022Updated 3 years ago
• bohops / DynamicDotNet

  View on GitHub
  A collection of various and sundry code snippets that leverage .NET dynamic tradecraft
  ☆145May 18, 2024Updated last year