Alternatives and similar repositories for aad-bofs

Users that are interested in aad-bofs are comparing it to the libraries listed below

• ZephrFish / QoL-BOFs

  View on GitHub
  Curated list of public Beacon Object Files(BOFs) build in as submodules for easy cloning
  ☆137Dec 7, 2025Updated 2 months ago
• CrowdStrike / sccmhound

  View on GitHub
  A BloodHound collector for Microsoft Configuration Manager
  ☆364Jul 7, 2025Updated 7 months ago
• mlcsec / EDRenum-BOF

  View on GitHub
  Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.
  ☆128Oct 4, 2024Updated last year
• FalconForceTeam / bof-winrm-client

  View on GitHub
  ☆123Jan 23, 2025Updated last year
• Macmod / ldapx

  View on GitHub
  Flexible LDAP proxy that can be used to inspect & transform all LDAP packets generated by other tools on the fly.
  ☆188Dec 23, 2025Updated last month
• iilegacyyii / DataInject-BOF

  View on GitHub
  Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll
  ☆135Apr 18, 2025Updated 9 months ago
• Tw1sm / SQL-BOF

  View on GitHub
  Library of BOFs to interact with SQL servers
  ☆222Dec 3, 2025Updated 2 months ago
• grayhatkiller / SharpExShell

  View on GitHub
  SharpExShell automates the DCOM lateral movment technique which abuses ActivateMicrosoftApp method of Excel application.
  ☆75May 1, 2024Updated last year
• paranoidninja / BRC4-BOF-Artillery

  View on GitHub
  ☆145Nov 6, 2025Updated 3 months ago
• Octoberfest7 / Secure_Stager

  View on GitHub
  An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution
  ☆194Nov 27, 2024Updated last year
• NtDallas / OdinLdr

  View on GitHub
  Cobaltstrike Reflective Loader with Synthetic Stackframe
  ☆182Jan 17, 2026Updated 3 weeks ago
• REDMED-X / OperatorsKit

  View on GitHub
  Collection of Beacon Object Files (BOF) for Cobalt Strike
  ☆671Aug 15, 2025Updated 6 months ago
• boku7 / StringReaper

  View on GitHub
  Reaping treasures from strings in remote processes memory
  ☆285Feb 8, 2025Updated last year
• Mr-Un1k0d3r / Cookie-and-Handle-Stealer

  View on GitHub
  C or BOF file to extract WebKit master key to decrypt user cookie
  ☆207Apr 29, 2024Updated last year
• zyn3rgy / smbtakeover

  View on GitHub
  BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions
  ☆345Nov 19, 2024Updated last year
• logangoins / Stifle

  View on GitHub
  .NET Post-Exploitation Utility for Abusing Strong Explicit Certificate Mappings in ADCS
  ☆150Feb 10, 2025Updated last year
• nbaertsch / Shrike

  View on GitHub
  Hunting and injecting RWX 'mockingjay' DLLs in pure nim
  ☆59Dec 11, 2024Updated last year
• KingOfTheNOPs / Get-NetNTLM

  View on GitHub
  Internal Monologue BOF
  ☆79Dec 28, 2024Updated last year
• decoder-it / KrbRelay-SMBServer

  View on GitHub
  ☆235Oct 8, 2024Updated last year
• NtDallas / Draugr

  View on GitHub
  BOF with Synthetic Stackframe
  ☆220Oct 30, 2025Updated 3 months ago
• CCob / DRSAT

  View on GitHub
  Disconnected RSAT - A method of running Group Policy Manager, Certificate Authority and Certificate Templates MMC snap-ins from non-domai…
  ☆273Dec 27, 2024Updated last year
• sudonoodle / BOF-entra-authcode-flow

  View on GitHub
  Beacon Object File (BOF) to obtain Entra tokens via authcode flow.
  ☆122Jan 17, 2026Updated 3 weeks ago
• safedv / RustSoliloquy

  View on GitHub
  A Rust implementation of Internal-Monologue — retrieving NetNTLM hashes without touching LSASS, leveraging SSPI for NTLM negotiation and …
  ☆191Apr 26, 2025Updated 9 months ago
• boku7 / patchwerk

  View on GitHub
  BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)
  ☆195Feb 6, 2025Updated last year
• deh00ni / NtDumpBOF

  View on GitHub
  ☆100Sep 1, 2024Updated last year
• Octoberfest7 / Enumprotections_BOF

  View on GitHub
  A BOF to enumerate system process, their protection levels, and more.
  ☆124Nov 27, 2024Updated last year
• JanielDary / ImmoralFiber

  View on GitHub
  Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
  ☆280Sep 18, 2024Updated last year
• Meowmycks / koneko

  View on GitHub
  Robust Cobalt Strike shellcode loader with multiple advanced evasion features
  ☆199Apr 21, 2025Updated 9 months ago
• grayhatkiller / wambam-bof

  View on GitHub
  ☆47Dec 5, 2025Updated 2 months ago
• RalfHacker / Kerbeus-BOF

  View on GitHub
  BOF for Kerberos abuse (an implementation of some important features of the Rubeus).
  ☆540Nov 23, 2025Updated 2 months ago
• atomicchonk / roadrecon_mcp_server

  View on GitHub
  Claude MCP server to perform analysis on ROADrecon data
  ☆48Mar 30, 2025Updated 10 months ago
• jsecu / ModTask

  View on GitHub
  ☆53Sep 23, 2025Updated 4 months ago
• JumpsecLabs / TokenSmith

  View on GitHub
  TokenSmith generates Entra ID access & refresh tokens on offensive engagements. It is suitable for both covert adversary simulations and …
  ☆376Jan 23, 2025Updated last year
• SpecterOps / cred1py

  View on GitHub
  A Python POC for CRED1 over SOCKS5
  ☆164Oct 5, 2024Updated last year
• deepinstinct / DCOMUploadExec

  View on GitHub
  DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely
  ☆381Dec 13, 2024Updated last year
• klezVirus / RAIWhateverTrigger

  View on GitHub
  Local SYSTEM auth trigger for relaying - X
  ☆155Jul 23, 2025Updated 6 months ago
• synacktiv / SCCMSecrets

  View on GitHub
  SCCMSecrets.py aims at exploiting SCCM policies distribution for credentials harvesting, initial access and lateral movement.
  ☆260Nov 22, 2025Updated 2 months ago
• Octoberfest7 / enumhandles_BOF

  View on GitHub
  ☆126Sep 1, 2024Updated last year
• quarkslab / proxyblob

  View on GitHub
  SOCKS5 proxy tool that uses Azure Blob Storage as a means of communication.
  ☆287Apr 29, 2025Updated 9 months ago