kozmer/aad-bofs external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

kozmer/aad-bofs

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/kozmer/aad-bofs)

Close

kozmer / aad-bofsView on GitHubMore

• External links
• Readme badge

☆138Nov 17, 2025Updated 3 months ago

Alternatives and similar repositories for aad-bofs

Users that are interested in aad-bofs are comparing it to the libraries listed below

• ZephrFish / QoL-BOFs

  View on GitHub
  Curated list of public Beacon Object Files(BOFs) build in as submodules for easy cloning
  ☆137Dec 7, 2025Updated 3 months ago
• mlcsec / EDRenum-BOF

  View on GitHub
  Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.
  ☆129Oct 4, 2024Updated last year
• CrowdStrike / sccmhound

  View on GitHub
  A BloodHound collector for Microsoft Configuration Manager
  ☆392Jul 7, 2025Updated 8 months ago
• FalconForceTeam / bof-winrm-client

  View on GitHub
  ☆126Jan 23, 2025Updated last year
• Macmod / ldapx

  View on GitHub
  Flexible LDAP proxy that can be used to inspect & transform all LDAP packets generated by other tools on the fly.
  ☆191Feb 16, 2026Updated 2 weeks ago
• Tw1sm / SQL-BOF

  View on GitHub
  Library of BOFs to interact with SQL servers
  ☆223Dec 3, 2025Updated 3 months ago
• iilegacyyii / DataInject-BOF

  View on GitHub
  Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll
  ☆137Apr 18, 2025Updated 10 months ago
• grayhatkiller / SharpExShell

  View on GitHub
  SharpExShell automates the DCOM lateral movment technique which abuses ActivateMicrosoftApp method of Excel application.
  ☆75May 1, 2024Updated last year
• paranoidninja / BRC4-BOF-Artillery

  View on GitHub
  ☆146Nov 6, 2025Updated 4 months ago
• Octoberfest7 / Secure_Stager

  View on GitHub
  An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution
  ☆195Nov 27, 2024Updated last year
• NtDallas / OdinLdr

  View on GitHub
  Cobaltstrike Reflective Loader with Synthetic Stackframe
  ☆186Jan 17, 2026Updated last month
• REDMED-X / OperatorsKit

  View on GitHub
  Collection of Beacon Object Files (BOF) for Cobalt Strike
  ☆675Aug 15, 2025Updated 6 months ago
• boku7 / StringReaper

  View on GitHub
  Reaping treasures from strings in remote processes memory
  ☆285Feb 8, 2025Updated last year
• Mr-Un1k0d3r / Cookie-and-Handle-Stealer

  View on GitHub
  C or BOF file to extract WebKit master key to decrypt user cookie
  ☆207Apr 29, 2024Updated last year
• logangoins / Stifle

  View on GitHub
  .NET Post-Exploitation Utility for Abusing Strong Explicit Certificate Mappings in ADCS
  ☆150Feb 10, 2025Updated last year
• nbaertsch / Shrike

  View on GitHub
  Hunting and injecting RWX 'mockingjay' DLLs in pure nim
  ☆60Dec 11, 2024Updated last year
• KingOfTheNOPs / Get-NetNTLM

  View on GitHub
  Internal Monologue BOF
  ☆79Dec 28, 2024Updated last year
• zyn3rgy / smbtakeover

  View on GitHub
  BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions
  ☆345Nov 19, 2024Updated last year
• decoder-it / KrbRelay-SMBServer

  View on GitHub
  ☆234Oct 8, 2024Updated last year
• NtDallas / Draugr

  View on GitHub
  BOF with Synthetic Stackframe
  ☆230Oct 30, 2025Updated 4 months ago
• sudonoodle / BOF-entra-authcode-flow

  View on GitHub
  Beacon Object File (BOF) to obtain Entra tokens via authcode flow.
  ☆124Jan 17, 2026Updated last month
• CCob / DRSAT

  View on GitHub
  Disconnected RSAT - A method of running Group Policy Manager, Certificate Authority and Certificate Templates MMC snap-ins from non-domai…
  ☆275Dec 27, 2024Updated last year
• safedv / RustSoliloquy

  View on GitHub
  A Rust implementation of Internal-Monologue — retrieving NetNTLM hashes without touching LSASS, leveraging SSPI for NTLM negotiation and …
  ☆191Apr 26, 2025Updated 10 months ago
• boku7 / patchwerk

  View on GitHub
  BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)
  ☆195Feb 6, 2025Updated last year
• RalfHacker / Kerbeus-BOF

  View on GitHub
  BOF for Kerberos abuse (an implementation of some important features of the Rubeus).
  ☆549Nov 23, 2025Updated 3 months ago
• deh00ni / NtDumpBOF

  View on GitHub
  ☆100Sep 1, 2024Updated last year
• Octoberfest7 / Enumprotections_BOF

  View on GitHub
  A BOF to enumerate system process, their protection levels, and more.
  ☆125Nov 27, 2024Updated last year
• JanielDary / ImmoralFiber

  View on GitHub
  Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
  ☆283Sep 18, 2024Updated last year
• Meowmycks / koneko

  View on GitHub
  Robust Cobalt Strike shellcode loader with multiple advanced evasion features
  ☆200Apr 21, 2025Updated 10 months ago
• atomicchonk / roadrecon_mcp_server

  View on GitHub
  Claude MCP server to perform analysis on ROADrecon data
  ☆48Mar 30, 2025Updated 11 months ago
• jsecu / ModTask

  View on GitHub
  ☆53Sep 23, 2025Updated 5 months ago
• quarkslab / proxyblob

  View on GitHub
  SOCKS5 proxy tool that uses Azure Blob Storage as a means of communication.
  ☆309Feb 16, 2026Updated 2 weeks ago
• grayhatkiller / wambam-bof

  View on GitHub
  ☆48Dec 5, 2025Updated 3 months ago
• SpecterOps / cred1py

  View on GitHub
  A Python POC for CRED1 over SOCKS5
  ☆165Oct 5, 2024Updated last year
• JumpsecLabs / TokenSmith

  View on GitHub
  TokenSmith generates Entra ID access & refresh tokens on offensive engagements. It is suitable for both covert adversary simulations and …
  ☆382Jan 23, 2025Updated last year
• deepinstinct / DCOMUploadExec

  View on GitHub
  DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely
  ☆382Dec 13, 2024Updated last year
• klezVirus / RAIWhateverTrigger

  View on GitHub
  Local SYSTEM auth trigger for relaying - X
  ☆155Jul 23, 2025Updated 7 months ago
• synacktiv / SCCMSecrets

  View on GitHub
  SCCMSecrets.py aims at exploiting SCCM policies distribution for credentials harvesting, initial access and lateral movement.
  ☆261Nov 22, 2025Updated 3 months ago
• Octoberfest7 / enumhandles_BOF

  View on GitHub
  ☆126Sep 1, 2024Updated last year