Alternatives and similar repositories for DataInject-BOF

Users that are interested in DataInject-BOF are comparing it to the libraries listed below

• CodeXTF2 / WebcamBOF

  View on GitHub
  Webcam capture capability for Cobalt Strike as a BOF, with in-memory download options
  ☆156Mar 26, 2025Updated 10 months ago
• klezVirus / RAIWhateverTrigger

  View on GitHub
  Local SYSTEM auth trigger for relaying - X
  ☆155Jul 23, 2025Updated 6 months ago
• NtDallas / OdinLdr

  View on GitHub
  Cobaltstrike Reflective Loader with Synthetic Stackframe
  ☆182Jan 17, 2026Updated 3 weeks ago
• NtDallas / Draugr

  View on GitHub
  BOF with Synthetic Stackframe
  ☆220Oct 30, 2025Updated 3 months ago
• boku7 / StringReaper

  View on GitHub
  Reaping treasures from strings in remote processes memory
  ☆285Feb 8, 2025Updated last year
• EricEsquivel / Inline-EA

  View on GitHub
  Cobalt Strike BOF for evasive .NET assembly execution
  ☆307Mar 31, 2025Updated 10 months ago
• NtDallas / Svartalfheim

  View on GitHub
  Stage 0
  ☆169Dec 18, 2024Updated last year
• Meowmycks / koneko

  View on GitHub
  Robust Cobalt Strike shellcode loader with multiple advanced evasion features
  ☆199Apr 21, 2025Updated 9 months ago
• VoldeSec / PatchlessInlineExecute-Assembly

  View on GitHub
  Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.
  ☆271Apr 17, 2023Updated 2 years ago
• Cracked5pider / earlycascade-injection

  View on GitHub
  early cascade injection PoC based on Outflanks blog post
  ☆236Nov 7, 2024Updated last year
• deh00ni / NtDumpBOF

  View on GitHub
  ☆100Sep 1, 2024Updated last year
• boku7 / patchwerk

  View on GitHub
  BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)
  ☆195Feb 6, 2025Updated last year
• rasta-mouse / process-inject-kit

  View on GitHub
  Port of Cobalt Strike's Process Inject Kit
  ☆190Dec 1, 2024Updated last year
• passthehashbrowns / VectoredExceptionHandling

  View on GitHub
  ☆106Aug 21, 2024Updated last year
• 0xEr3bus / PoolPartyBof

  View on GitHub
  A beacon object file implementation of PoolParty Process Injection Technique.
  ☆432Dec 21, 2023Updated 2 years ago
• rasta-mouse / Crystal-Loaders

  View on GitHub
  A small collection of Crystal Palace PIC loaders designed for use with Cobalt Strike
  ☆184Oct 29, 2025Updated 3 months ago
• JanielDary / ImmoralFiber

  View on GitHub
  Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
  ☆280Sep 18, 2024Updated last year
• T3nb3w / ComDotNetExploit

  View on GitHub
  A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and …
  ☆332Mar 6, 2025Updated 11 months ago
• ricardojoserf / NativeTokenImpersonate

  View on GitHub
  Impersonate Tokens using only NTAPI functions
  ☆83Apr 4, 2025Updated 10 months ago
• NtDallas / KrakenMask

  View on GitHub
  Sleep obfuscation
  ☆265Dec 13, 2024Updated last year
• kozmer / aad-bofs

  View on GitHub
  ☆137Nov 17, 2025Updated 2 months ago
• Octoberfest7 / enumhandles_BOF

  View on GitHub
  ☆126Sep 1, 2024Updated last year
• naksyn / DojoLoader

  View on GitHub
  Generic PE loader for fast prototyping evasion techniques
  ☆244Jul 2, 2024Updated last year
• jhalon / cSessionHop

  View on GitHub
  Beacon Object File (BOF) for Windows Session Hijacking via IHxHelpPaneServer COM
  ☆63Dec 25, 2025Updated last month
• Tw1sm / SQL-BOF

  View on GitHub
  Library of BOFs to interact with SQL servers
  ☆222Dec 3, 2025Updated 2 months ago
• KingOfTheNOPs / Get-NetNTLM

  View on GitHub
  Internal Monologue BOF
  ☆79Dec 28, 2024Updated last year
• Octoberfest7 / Enumprotections_BOF

  View on GitHub
  A BOF to enumerate system process, their protection levels, and more.
  ☆124Nov 27, 2024Updated last year
• hasherezade / waiting_thread_hijacking

  View on GitHub
  Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread
  ☆262Aug 31, 2025Updated 5 months ago
• rasta-mouse / SpawnWith

  View on GitHub
  ☆109Feb 17, 2025Updated 11 months ago
• NetSPI / BOF-PE

  View on GitHub
  An example reference design for a proposed BOF PE
  ☆197Jan 23, 2026Updated 3 weeks ago
• RalfHacker / Kerbeus-BOF

  View on GitHub
  BOF for Kerberos abuse (an implementation of some important features of the Rubeus).
  ☆540Nov 23, 2025Updated 2 months ago
• 0xHossam / HuffLoader

  View on GitHub
  Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader.
  ☆282Apr 6, 2025Updated 10 months ago
• icyguider / UAC-BOF-Bonanza

  View on GitHub
  Collection of UAC Bypass Techniques Weaponized as BOFs
  ☆603Feb 21, 2024Updated last year
• sudonoodle / BOF-entra-authcode-flow

  View on GitHub
  Beacon Object File (BOF) to obtain Entra tokens via authcode flow.
  ☆122Jan 17, 2026Updated 3 weeks ago
• NtDallas / BOF_ExecuteAssembly

  View on GitHub
  Beacon Object File for Cobalt Strike that executes .NET assemblies in beacon with evasion techniques.
  ☆182Dec 23, 2025Updated last month
• REDMED-X / OperatorsKit

  View on GitHub
  Collection of Beacon Object Files (BOF) for Cobalt Strike
  ☆671Aug 15, 2025Updated 6 months ago
• NtDallas / MemLoader

  View on GitHub
  Run native PE or .NET executables entirely in-memory. Build the loader as an .exe or .dll—DllMain is Cobalt Strike UDRL-compatible
  ☆266Jun 18, 2025Updated 7 months ago
• mlcsec / EDRenum-BOF

  View on GitHub
  Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.
  ☆128Oct 4, 2024Updated last year
• NtDallas / BOF_Spawn

  View on GitHub
  Cobalt Strike BOF for beacon/shellcode injection using fork & run technique with Draugr synthetic stack frames
  ☆150Nov 23, 2025Updated 2 months ago