Cobalt Strike BOF
☆43Dec 10, 2025Updated 3 months ago
Alternatives and similar repositories for inlineExecute
Users that are interested in inlineExecute are comparing it to the libraries listed below
Sorting:
- wtftp.py is a tool to attack Microsoft Deployment Toolkit (MDT) and Windows Deployment Services (WDS).☆30Jan 22, 2026Updated last month
- Purple Team Dropper generator using open source templates.☆17May 23, 2024Updated last year
- IOCTL++ can be used to make DeviceIoControl requests with arbitrary inputs.☆35Oct 28, 2025Updated 4 months ago
- A C# utility for interacting with SCOM☆96Dec 2, 2025Updated 3 months ago
- adws enumeration bof☆169Feb 16, 2026Updated last month
- A simple POC to show how to chain multiple callbacks via tail calls to artificially construct a call stack☆99Dec 22, 2025Updated 2 months ago
- Shellcode injection using the Windows Debugging API☆171Jan 4, 2026Updated 2 months ago
- Extension functionality for the NightHawk operator client☆26Nov 3, 2023Updated 2 years ago
- Tool to enumerate unregistered reply URLs for single and multitenant apps in Azure☆15Jan 23, 2025Updated last year
- ☆36Aug 21, 2024Updated last year
- Collection of self-made Red Team tools that have come in handy☆12Aug 25, 2024Updated last year
- Extension functionality for the NightHawk operator client☆26Oct 31, 2023Updated 2 years ago
- Advanced post-exploitation framework designed for Red Team operations in Entra ID, Azure and Microsoft 365 environments.☆42Dec 30, 2025Updated 2 months ago
- A bunch of shenanigans using functions, VEH and more☆38Jun 8, 2025Updated 9 months ago
- Cobalt Strike UDRL for memory scanner evasion.☆52Dec 4, 2023Updated 2 years ago
- C# version of NTLMRawUnHide☆72Oct 8, 2022Updated 3 years ago
- Dump Teams conversations☆18Jun 9, 2021Updated 4 years ago
- Post-Ex BOF tooling for Hannibal☆24Nov 20, 2024Updated last year
- Example of using Sleep to create better named pipes.☆41Jul 25, 2023Updated 2 years ago
- A small collection of Crystal Palace PIC loaders designed for use with Cobalt Strike☆193Oct 29, 2025Updated 4 months ago
- ☆35Updated this week
- Abuse Azure API permissions for red teaming☆71Jan 24, 2023Updated 3 years ago
- A Crystal Palace shared library to resolve & perform syscalls☆58Oct 29, 2025Updated 4 months ago
- Ludus role for deploying a Cobalt Strike Teamserver onto Linux servers☆18Mar 19, 2025Updated last year
- Research into COM☆19Jan 25, 2020Updated 6 years ago
- BOF to terminate a process via PID as argument☆28Sep 7, 2025Updated 6 months ago
- ☆17Jan 9, 2025Updated last year
- CVE-2025-59501 POC code☆25Nov 20, 2025Updated 3 months ago
- Find private tracks on soundcloud by bruteforcing shareable links☆13Apr 24, 2024Updated last year
- Claude MCP server to perform analysis on ROADrecon data☆49Mar 30, 2025Updated 11 months ago
- C# Data Collector for BloodHound with CobaltStrike integration (BOF.NET)☆59Apr 13, 2023Updated 2 years ago
- Sniffing files generator☆62Feb 24, 2025Updated last year
- A Dynamic MSBuild task to help with minor obfuscation of C# Binaries to evade static signatures on each compilation☆38Dec 7, 2025Updated 3 months ago
- An Aggressor Script that utilizes NtCreateUserProcess to run binaries☆30Jan 30, 2025Updated last year
- Local SYSTEM auth trigger for relaying - X☆154Jul 23, 2025Updated 7 months ago
- ☆12Oct 9, 2020Updated 5 years ago
- WinRemoteEnum is a module-based collection of operations achievable by a low-privileged domain user.☆13Oct 24, 2022Updated 3 years ago
- An insecurely implemented and installed Windows service for emulating elevation of privileges vulnerabilities☆63Aug 25, 2022Updated 3 years ago
- A tool leveraging Kerberos tickets to get Microsoft 365 access tokens using Seamless SSO☆238Aug 25, 2024Updated last year