Beacon Object File (BOF) for Windows Session Hijacking via IHxHelpPaneServer COM
☆63Dec 25, 2025Updated 2 months ago
Alternatives and similar repositories for cSessionHop
Users that are interested in cSessionHop are comparing it to the libraries listed below
Sorting:
- Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll☆136Apr 18, 2025Updated 10 months ago
- Beacon Object File (BOF) for identifying dependent child services of a given parent.☆18Jun 20, 2025Updated 8 months ago
- A New Exploitation Technique for Visual Studio Projects☆11Nov 5, 2023Updated 2 years ago
- Cobaltstrike Reflective Loader with Synthetic Stackframe☆185Jan 17, 2026Updated last month
- A Beacon Object File (BOF) that performs the complete ESC1 attack chain in a single execution: certificate request with arbitrary SAN (+S…☆116Dec 21, 2025Updated 2 months ago
- CVE-2025-59501 POC code☆25Nov 20, 2025Updated 3 months ago
- C2 Agent fully PIC for Mythic with advanced evasion capabilities, dotnet/powershell/shellcode/bof memory executions, lateral moviments, p…☆199Dec 30, 2025Updated last month
- A tool to convert windows registry export files into windows hive files that can be used to replace NTUSER.MAN☆104Jan 26, 2026Updated last month
- A Beacon Object File (BOF) for Havoc/CS to Bypass PPL and Dump Lsass☆167Sep 22, 2025Updated 5 months ago
- A simple Sleepmask BOF example☆167Nov 24, 2025Updated 3 months ago
- Thats it! An Open-Source Windows UEFI Rootkit☆28Jul 19, 2025Updated 7 months ago
- Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal …☆89Jan 2, 2026Updated last month
- PoC for a Havoc agent/handler setup with all C2 traffic routed through GitHub. No direct connections: all commands and responses are rela…☆43Jul 9, 2025Updated 7 months ago
- EDR-Redir : a tool used to redirect the EDR's folder to another location.☆222Nov 6, 2025Updated 3 months ago
- Title is self explaining, well theres few methods we can do to read locked file and play with it...☆96Jan 5, 2026Updated last month
- ☆47Dec 5, 2025Updated 2 months ago
- An Aggressor Script that utilizes NtCreateUserProcess to run binaries☆30Jan 30, 2025Updated last year
- Easy to use, open-source infrastructure management platform, crafted specifically for red team engagements.☆109Feb 16, 2026Updated last week
- Reaping treasures from strings in remote processes memory☆285Feb 8, 2025Updated last year
- Parses cached certificate templates from a Windows Registry file and displays them in the same style as Certipy does☆95Jul 3, 2025Updated 7 months ago
- PowerShell tool that shows how to read and write NTLM OWF values via samlib.dll.☆72Oct 22, 2025Updated 4 months ago
- Cobalt Strike Beacon Object File (BOF) that obtain SYSTEM privilege with SeImpersonate privilege by passing a malicious IUnknwon object t…☆96Mar 20, 2023Updated 2 years ago
- ☆100Sep 1, 2024Updated last year
- Beacon Object File (BOF) for Using the BadSuccessor Technique for Account Takeover☆85Oct 20, 2025Updated 4 months ago
- Cobalt Strike UDC2 implementation that provides an Slack C2 channel☆60Jan 5, 2026Updated last month
- One-header configurable C++20 COFF loader☆21Jul 21, 2025Updated 7 months ago
- ☆109Feb 17, 2025Updated last year
- An alternative to the builtin clipboard feature in Cobalt Strike that adds the capability to enable/disable and dump the clipboard histor…☆103Jan 9, 2026Updated last month
- 🧠 The ultimate resource for finding Beacon Object Files (BOFs).☆106Feb 16, 2026Updated last week
- A PICO for Crystal Palace that implements CLR hosting to execute a .NET assembly in memory.☆128Jan 28, 2026Updated 3 weeks ago
- A lightweight redirector for Google Cloud Run, enabling domain fronting via Google-owned infrastructure.☆132Nov 12, 2025Updated 3 months ago
- A collection of position independent coding resources☆107Nov 15, 2025Updated 3 months ago
- Beacon Object Files (BOFs) for Cobalt Strike and Havoc C2. Implementations of Active Directory attacks and post-exploitation techniques.☆101Jan 26, 2026Updated last month
- Local SYSTEM auth trigger for relaying - X☆155Jul 23, 2025Updated 7 months ago
- This code silently installs Chrome extensions on Mac, Windows, and Linux☆128Jul 22, 2025Updated 7 months ago
- A BOF that's a BOF Loader and more☆198Jan 17, 2026Updated last month
- ☆140Sep 9, 2025Updated 5 months ago
- An Ansible collection that installs an SCCM deployment with optional configurations.☆101Dec 8, 2025Updated 2 months ago
- An example reference design for a proposed BOF PE☆197Jan 23, 2026Updated last month