Beacon Object File (BOF) for Using the BadSuccessor Technique for Account Takeover
☆86Oct 20, 2025Updated 4 months ago
Alternatives and similar repositories for BadTakeover-BOF
Users that are interested in BadTakeover-BOF are comparing it to the libraries listed below
Sorting:
- Step-by-step documentation on how to decrypt SCCM database secrets offline☆50Oct 20, 2025Updated 4 months ago
- A Beacon Object File (BOF) for Havoc/CS to Bypass PPL and Dump Lsass☆167Sep 22, 2025Updated 5 months ago
- Cobalt Strike UDC2 implementation that provides an Slack C2 channel☆63Jan 5, 2026Updated last month
- A Windows tool that converts LDIF files to BloodHound CE☆27Dec 20, 2025Updated 2 months ago
- Golang Automation Framework for Cobalt Strike using the Rest API☆56Dec 4, 2025Updated 2 months ago
- Proof of concept for Kerberos Armoring abuse.☆81Dec 12, 2025Updated 2 months ago
- Parses cached certificate templates from a Windows Registry file and displays them in the same style as Certipy does☆95Jul 3, 2025Updated 8 months ago
- A simple BOF that frees UDRLs☆122May 29, 2022Updated 3 years ago
- adws enumeration bof☆167Feb 16, 2026Updated 2 weeks ago
- Local SYSTEM auth trigger for relaying - X☆155Jul 23, 2025Updated 7 months ago
- Cobalt Strike Beacon Object File (BOF) that obtain SYSTEM privilege with SeImpersonate privilege by passing a malicious IUnknwon object t…☆97Mar 20, 2023Updated 2 years ago
- ☆138Nov 17, 2025Updated 3 months ago
- shellcode transformation tool for YARA evasion☆55Dec 17, 2025Updated 2 months ago
- ☆48Dec 5, 2025Updated 2 months ago
- A small experiment on assigning a processes threads a specific CPU and then blocking it with a high priority thread☆30Sep 24, 2025Updated 5 months ago
- dcsync bof☆44Feb 13, 2026Updated 2 weeks ago
- ☆20Sep 6, 2025Updated 5 months ago
- A C# utility for interacting with SCOM☆96Dec 2, 2025Updated 3 months ago
- modified mssqlclient from impacket to extract policies from the SCCM database☆44Feb 24, 2026Updated last week
- A Beacon Object File (BOF) that performs the complete ESC1 attack chain in a single execution: certificate request with arbitrary SAN (+S…☆116Dec 21, 2025Updated 2 months ago
- template for developing custom C2 channels for Cobalt Strike using IAT hooks applied by a reflective loader.☆101Jan 10, 2026Updated last month
- CVE-2025-59501 POC code☆25Nov 20, 2025Updated 3 months ago
- Impersonate Windows tokens in Nim☆23Aug 4, 2025Updated 6 months ago
- A portable C# utility for enumerating local and remote windows sessions☆56Jan 1, 2026Updated 2 months ago
- Execute commands, in/exfiltrate files using your custom RPC Server☆65Jan 13, 2026Updated last month
- Random BOFs for LDAP tradecraft☆74Sep 9, 2025Updated 5 months ago
- A PICO for Crystal Palace that implements CLR hosting to execute a .NET assembly in memory.☆128Jan 28, 2026Updated last month
- Cobalt Strike BOF☆43Dec 10, 2025Updated 2 months ago
- Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll☆137Apr 18, 2025Updated 10 months ago
- Beacon Object File (BOF) for Windows Session Hijacking via IHxHelpPaneServer COM☆63Dec 25, 2025Updated 2 months ago
- Using Chromium-based browsers as a proxy for C2 traffic.☆146Dec 6, 2025Updated 2 months ago
- Porting of NPPSPY by Grzegorz Tworek to 'man in the middle' the user logon process, and store the user's name and password in an unassumi…☆19Apr 24, 2023Updated 2 years ago
- BOF to run PE in Cobalt Strike Beacon without console creation☆186Nov 23, 2025Updated 3 months ago
- Early Bird Cryo Injections – APC-based DLL & Shellcode Injection via Pre-Frozen Job Objects☆137Apr 6, 2025Updated 10 months ago
- Cobaltstrike Reflective Loader with Synthetic Stackframe☆186Jan 17, 2026Updated last month
- Python and BOF utilites to the determine EPA enforcement levels of popular NTLM relay targets from the offensive perspective☆166Jan 12, 2026Updated last month
- Citrix Phishlet☆24Feb 2, 2021Updated 5 years ago
- Unauthenticated start EFS service on remote Windows host (make PetitPotam great again)☆129Oct 23, 2025Updated 4 months ago
- Remote administration toolkit for windows, based on Hidden VNC: file manager, keystroke logger, powershell☆37Nov 23, 2025Updated 3 months ago