Alternatives and similar repositories for cobaltstrike_bofs

Users that are interested in cobaltstrike_bofs are comparing it to the libraries listed below

• tomcarver16 / BOF-DLL-Inject

  View on GitHub
  Manual Map DLL injection implemented with Cobalt Strike's Beacon Object Files.
  ☆152Sep 3, 2020Updated 5 years ago
• Yaxser / CobaltStrike-BOF

  View on GitHub
  Collection of beacon BOF written to learn windows and cobaltstrike
  ☆362Feb 24, 2023Updated 2 years ago
• EncodeGroup / BOF-RegSave

  View on GitHub
  Dumping SAM / SECURITY / SYSTEM registry hives with a Beacon Object File
  ☆214Oct 8, 2020Updated 5 years ago
• rsmudge / unhook-bof

  View on GitHub
  Remove API hooks from a Beacon process.
  ☆283Sep 18, 2021Updated 4 years ago
• EncodeGroup / AggressiveProxy

  View on GitHub
  Project to enumerate proxy configurations and generate shellcode from CobaltStrike
  ☆140Nov 4, 2020Updated 5 years ago
• ajpc500 / BOFs

  View on GitHub
  Collection of Beacon Object Files
  ☆633Nov 1, 2022Updated 3 years ago
• EspressoCake / BeaconDownloadSync

  View on GitHub
  ☆94May 14, 2022Updated 3 years ago
• outflanknl / FindObjects-BOF

  View on GitHub
  A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or pro…
  ☆275May 3, 2023Updated 2 years ago
• boku7 / spawn

  View on GitHub
  Cobalt Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes payload. Built to evade EDR/UserLand hooks b…
  ☆469Mar 8, 2023Updated 2 years ago
• rvrsh3ll / BOF_Collection

  View on GitHub
  Various Cobalt Strike BOFs
  ☆736Oct 16, 2022Updated 3 years ago
• rookuu / BOFs

  View on GitHub
  Collection of beacon object files for use with Cobalt Strike to facilitate 🐚.
  ☆185Feb 11, 2021Updated 5 years ago
• jsecu / CredManBOF

  View on GitHub
  ☆99Sep 20, 2021Updated 4 years ago
• rxwx / spoolsystem

  View on GitHub
  Print Spooler Named Pipe Impersonation for Cobalt Strike
  ☆270Jun 13, 2020Updated 5 years ago
• CCob / goreflect

  View on GitHub
  Reflective DLL loading of your favorite Golang program
  ☆173Jan 27, 2020Updated 6 years ago
• EncodeGroup / AggressiveGadgetToJScript

  View on GitHub
  A Cobalt Strike Aggressor script to generate GadgetToJScript payloads
  ☆101Sep 30, 2020Updated 5 years ago
• CCob / BOF.NET

  View on GitHub
  A .NET Runtime for Cobalt Strike's Beacon Object Files
  ☆768Sep 4, 2024Updated last year
• anthemtotheego / CredBandit

  View on GitHub
  Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that b…
  ☆219Jul 14, 2021Updated 4 years ago
• Flangvik / SharpAppLocker

  View on GitHub
  C# port of the Get-AppLockerPolicy PS cmdlet
  ☆100Dec 8, 2022Updated 3 years ago
• dtmsecurity / bof_helper

  View on GitHub
  Beacon Object File (BOF) Creation Helper
  ☆236May 3, 2022Updated 3 years ago
• Cracked5pider / CoffeeLdr

  View on GitHub
  Beacon Object File Loader
  ☆294Dec 3, 2023Updated 2 years ago
• EspressoCake / PPLDump_BOF

  View on GitHub
  A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.
  ☆143Sep 24, 2021Updated 4 years ago
• EncodeGroup / UAC-SilentClean

  View on GitHub
  New UAC bypass for Silent Cleanup for CobaltStrike
  ☆191Jul 14, 2021Updated 4 years ago
• Mr-B0b / SpaceRunner

  View on GitHub
  This tool enables the compilation of a C# program that will execute arbitrary PowerShell code, without launching PowerShell processes thr…
  ☆196Jul 26, 2020Updated 5 years ago
• guervild / BOFs

  View on GitHub
  Cobalt Strike Beacon Object Files
  ☆167May 2, 2022Updated 3 years ago
• outflanknl / WdToggle

  View on GitHub
  A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.
  ☆220May 3, 2023Updated 2 years ago
• rsmudge / CVE-2020-0796-BOF

  View on GitHub
  ☆71Sep 17, 2020Updated 5 years ago
• mez-0 / CSharpWinRM

  View on GitHub
  .NET 4.0 WinRM API Command Execution
  ☆166Sep 11, 2020Updated 5 years ago
• rsmudge / ZeroLogon-BOF

  View on GitHub
  ☆163Apr 25, 2022Updated 3 years ago
• connormcgarr / cThreadHijack

  View on GitHub
  Beacon Object File (BOF) for remote process injection via thread hijacking
  ☆219Jan 13, 2021Updated 5 years ago
• pwn1sher / CS-BOFs

  View on GitHub
  Collection of CobaltStrike beacon object files
  ☆105Feb 14, 2022Updated 3 years ago
• mgeeky / ElusiveMice

  View on GitHub
  Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind
  ☆482Jul 12, 2023Updated 2 years ago
• G0ldenGunSec / SharpSecDump

  View on GitHub
  .Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py
  ☆610Feb 16, 2023Updated 2 years ago
• rxwx / cs-rdll-ipc-example

  View on GitHub
  Example code for using named pipe output with beacon ReflectiveDLLs
  ☆121Jun 24, 2020Updated 5 years ago
• netero1010 / TrustedPath-UACBypass-BOF

  View on GitHub
  Cobalt Strike beacon object file implementation for trusted path UAC bypass. The target executable will be called without involving "cmd.…
  ☆146Aug 16, 2021Updated 4 years ago
• S4ntiagoP / freeBokuLoader

  View on GitHub
  A simple BOF that frees UDRLs
  ☆122May 29, 2022Updated 3 years ago
• connormcgarr / tgtdelegation

  View on GitHub
  tgtdelegation is a Beacon Object File (BOF) to obtain a usable TGT via the "TGT delegation trick"
  ☆178Nov 26, 2021Updated 4 years ago
• trustedsec / CS-Remote-OPs-BOF

  View on GitHub
  ☆1,117Jan 6, 2026Updated last month
• EspressoCake / Toggle_Token_Privileges_BOF

  View on GitHub
  Syscall BOF to arbitrarily add/detract process token privilege rights.
  ☆61Jul 10, 2024Updated last year
• med0x2e / ExecuteAssembly

  View on GitHub
  Load/Inject .NET assemblies by; reusing the host (spawnto) process loaded CLR AppDomainManager, Stomping Loader/.NET assembly PE DOS head…
  ☆595Jul 26, 2021Updated 4 years ago