Safe Harbor is a BOF that streamlines process reconnaissance for red team operations by identifying trusted, low-noise targets to maintain stealth and robust OPSEC.
☆76Oct 27, 2025Updated 4 months ago
Alternatives and similar repositories for SafeHarbor-BOF
Users that are interested in SafeHarbor-BOF are comparing it to the libraries listed below
Sorting:
- ☆24Feb 1, 2025Updated last year
- Leveraging AWS Lambda Function URLs for C2 Redirection☆45Aug 30, 2023Updated 2 years ago
- Powershell and python utilties for Entra Connect☆28Jun 5, 2025Updated 8 months ago
- The most extensive collection of BOFs (Beacon Object Files) tailored for Red Teams using C++23☆23Jun 19, 2025Updated 8 months ago
- Python script to leverage MSFT_MTProcess WMI class☆39Sep 17, 2025Updated 5 months ago
- UDC2 implementation that provides an ICMP C2 channel☆115Nov 24, 2025Updated 3 months ago
- Beacon Object File (BOF) to obtain Entra tokens via authcode flow.☆124Jan 17, 2026Updated last month
- ☆100Sep 1, 2024Updated last year
- Collection of many ldap bofs for domain enumeration and privilege escalation. Created for use with the Adaptix C2.☆58Dec 15, 2025Updated 2 months ago
- Docker container for running CobaltStrike 4.7 and above☆24Mar 20, 2025Updated 11 months ago
- ☆51Jun 28, 2025Updated 8 months ago
- ☆61Aug 30, 2021Updated 4 years ago
- BOF and C++ implementation of the Windows Defender sandboxing technique described by Elastic Security Labs/Gabriel Landau.☆24Jul 5, 2023Updated 2 years ago
- ☆83Nov 1, 2023Updated 2 years ago
- ☆18Feb 29, 2024Updated 2 years ago
- ☆36Dec 4, 2025Updated 3 months ago
- Strstr with user-supplied needle and filename as a BOF.☆32Sep 27, 2021Updated 4 years ago
- An example reference design for a proposed BOF PE☆200Jan 23, 2026Updated last month
- SACL Scanner is a tool designed to scan and analyze SACLs.☆51Feb 13, 2025Updated last year
- Updated version of a long known self deletion technique to work with 24H2.☆61Jun 9, 2025Updated 8 months ago
- PoC script to demonstrate collection of SCCM attack paths that can be viewed in BH with OpenGraph☆24Aug 2, 2025Updated 7 months ago
- A BOF that suspends non-GUI threads for a target process or resumes them resulting in stealthy process silencing.☆57Apr 14, 2025Updated 10 months ago
- Modify managed functions from unmanaged code☆53Feb 1, 2024Updated 2 years ago
- Curated list of public Beacon Object Files(BOFs) build in as submodules for easy cloning☆137Dec 7, 2025Updated 2 months ago
- A simple rpc2socks alternative in pure Go.☆31Jul 8, 2024Updated last year
- ☆38Apr 15, 2025Updated 10 months ago
- Just another C2 Redirector using CloudFlare. Support multiple C2 and multiple domains. Support for websocket listener.☆186Mar 14, 2025Updated 11 months ago
- Proof of Concept (PoC) implant for creating custom Cobalt Strike Beacons☆170Feb 11, 2026Updated 3 weeks ago
- a short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal…☆65Aug 23, 2023Updated 2 years ago
- ☆142May 4, 2022Updated 3 years ago
- Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions☆94Mar 8, 2023Updated 2 years ago
- self-hosted Azure OSINT tool☆33Jun 24, 2025Updated 8 months ago
- A BOF for lazy people☆22Apr 4, 2024Updated last year
- use python on windows with full submodule support without installation☆30Jan 23, 2025Updated last year
- Proof-of-concept implementation of AI-enabled postex DLLs☆54Sep 10, 2025Updated 5 months ago
- ☆44Oct 16, 2023Updated 2 years ago
- CobaltStrike BOF to spawn Beacons using DLL Application Directory Hijacking☆285Jun 8, 2023Updated 2 years ago
- A python library to create BloodHound OpenGraphs☆53Feb 4, 2026Updated last month
- Modified versions of the Cobalt Strike Process Injection Kit☆106Jan 24, 2024Updated 2 years ago