iilegacyyii/DataInject-BOF

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/iilegacyyii/DataInject-BOF)

iilegacyyii / DataInject-BOF

Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll

☆145

Alternatives and similar repositories for DataInject-BOF

Users that are interested in DataInject-BOF are comparing it to the libraries listed below

Sorting:

CodeXTF2 / WebcamBOF
View on GitHub
Webcam capture capability for Cobalt Strike as a BOF, with in-memory download options
☆158Mar 26, 2025Updated 11 months ago
klezVirus / RAIWhateverTrigger
View on GitHub
Local SYSTEM auth trigger for relaying - X
☆155Jul 23, 2025Updated 7 months ago
NtDallas / OdinLdr
View on GitHub
Cobaltstrike Reflective Loader with Synthetic Stackframe
☆188Jan 17, 2026Updated last month
NtDallas / Draugr
View on GitHub
BOF with Synthetic Stackframe
☆230Oct 30, 2025Updated 4 months ago
boku7 / StringReaper
View on GitHub
Reaping treasures from strings in remote processes memory
☆284Feb 8, 2025Updated last year
EricEsquivel / Inline-EA
View on GitHub
Cobalt Strike BOF for evasive .NET assembly execution
☆308Mar 31, 2025Updated 11 months ago
NtDallas / Svartalfheim
View on GitHub
Stage 0
☆169Dec 18, 2024Updated last year
Meowmycks / koneko
View on GitHub
Robust Cobalt Strike shellcode loader with multiple advanced evasion features
☆200Apr 21, 2025Updated 10 months ago
Cracked5pider / earlycascade-injection
View on GitHub
early cascade injection PoC based on Outflanks blog post
☆237Nov 7, 2024Updated last year
passthehashbrowns / VectoredExceptionHandling
View on GitHub
☆108Aug 21, 2024Updated last year
VoldeSec / PatchlessInlineExecute-Assembly
View on GitHub
Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.
☆277Apr 17, 2023Updated 2 years ago
0xEr3bus / PoolPartyBof
View on GitHub
A beacon object file implementation of PoolParty Process Injection Technique.
☆435Dec 21, 2023Updated 2 years ago
deh00ni / NtDumpBOF
View on GitHub
☆100Sep 1, 2024Updated last year
boku7 / patchwerk
View on GitHub
BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)
☆194Feb 6, 2025Updated last year
rasta-mouse / process-inject-kit
View on GitHub
Port of Cobalt Strike's Process Inject Kit
☆192Dec 1, 2024Updated last year
JanielDary / ImmoralFiber
View on GitHub
Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
☆283Sep 18, 2024Updated last year
rasta-mouse / Crystal-Loaders
View on GitHub
A small collection of Crystal Palace PIC loaders designed for use with Cobalt Strike
☆187Oct 29, 2025Updated 4 months ago
T3nb3w / ComDotNetExploit
View on GitHub
A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and …
☆335Mar 6, 2025Updated last year
ricardojoserf / NativeTokenImpersonate
View on GitHub
Impersonate Tokens using only NTAPI functions
☆84Apr 4, 2025Updated 11 months ago
NtDallas / KrakenMask
View on GitHub
Sleep obfuscation
☆268Dec 13, 2024Updated last year
naksyn / DojoLoader
View on GitHub
Generic PE loader for fast prototyping evasion techniques
☆245Jul 2, 2024Updated last year
kozmer / aad-bofs
View on GitHub
☆138Nov 17, 2025Updated 3 months ago
Octoberfest7 / enumhandles_BOF
View on GitHub
☆126Sep 1, 2024Updated last year
Tw1sm / SQL-BOF
View on GitHub
Library of BOFs to interact with SQL servers
☆223Dec 3, 2025Updated 3 months ago
KingOfTheNOPs / Get-NetNTLM
View on GitHub
Internal Monologue BOF
☆79Dec 28, 2024Updated last year
Octoberfest7 / Enumprotections_BOF
View on GitHub
A BOF to enumerate system process, their protection levels, and more.
☆125Nov 27, 2024Updated last year
NtDallas / MemLoader
View on GitHub
Run native PE or .NET executables entirely in-memory. Build the loader as an .exe or .dll—DllMain is Cobalt Strike UDRL-compatible
☆270Jun 18, 2025Updated 8 months ago
NtDallas / BOF_Spawn
View on GitHub
Cobalt Strike BOF for beacon/shellcode injection using fork & run technique with Draugr synthetic stack frames
☆152Nov 23, 2025Updated 3 months ago
hasherezade / waiting_thread_hijacking
View on GitHub
Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread
☆264Aug 31, 2025Updated 6 months ago
REDMED-X / OperatorsKit
View on GitHub
Collection of Beacon Object Files (BOF) for Cobalt Strike
☆677Aug 15, 2025Updated 6 months ago
jhalon / cSessionHop
View on GitHub
Beacon Object File (BOF) for Windows Session Hijacking via IHxHelpPaneServer COM
☆64Dec 25, 2025Updated 2 months ago
rasta-mouse / SpawnWith
View on GitHub
☆109Feb 17, 2025Updated last year
NetSPI / BOF-PE
View on GitHub
An example reference design for a proposed BOF PE
☆201Jan 23, 2026Updated last month
0xHossam / HuffLoader
View on GitHub
Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader.
☆283Apr 6, 2025Updated 11 months ago
RalfHacker / Kerbeus-BOF
View on GitHub
BOF for Kerberos abuse (an implementation of some important features of the Rubeus).
☆549Nov 23, 2025Updated 3 months ago
icyguider / UAC-BOF-Bonanza
View on GitHub
Collection of UAC Bypass Techniques Weaponized as BOFs
☆609Feb 21, 2024Updated 2 years ago
sudonoodle / BOF-entra-authcode-flow
View on GitHub
Beacon Object File (BOF) to obtain Entra tokens via authcode flow.
☆124Jan 17, 2026Updated last month
NtDallas / BOF_ExecuteAssembly
View on GitHub
Beacon Object File for Cobalt Strike that executes .NET assemblies in beacon with evasion techniques.
☆182Dec 23, 2025Updated 2 months ago
mlcsec / EDRenum-BOF
View on GitHub
Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.
☆129Oct 4, 2024Updated last year