mlcsec/EDRenum-BOF external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

mlcsec/EDRenum-BOF

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/mlcsec/EDRenum-BOF)

Close

mlcsec / EDRenum-BOFView on GitHubMore

• External links
• Readme badge

Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.

☆133Oct 4, 2024Updated last year

Alternatives and similar repositories for EDRenum-BOF

Users that are interested in EDRenum-BOF are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• Octoberfest7 / enumhandles_BOF

  View on GitHub
  ☆126Sep 1, 2024Updated last year
• kozmer / aad-bofs

  View on GitHub
  ☆139Nov 17, 2025Updated 4 months ago
• deh00ni / NtDumpBOF

  View on GitHub
  ☆100Sep 1, 2024Updated last year
• fortra / No-Consolation

  View on GitHub
  A BOF that runs unmanaged PEs inline
  ☆685Oct 23, 2024Updated last year
• ZephrFish / QoL-BOFs

  View on GitHub
  Curated list of public Beacon Object Files(BOFs) build in as submodules for easy cloning
  ☆138Dec 7, 2025Updated 3 months ago
• Tw1sm / SQL-BOF

  View on GitHub
  Library of BOFs to interact with SQL servers
  ☆227Dec 3, 2025Updated 3 months ago
• 0xv1n / RemoteSessionEnum

  View on GitHub
  Remotely Enumerate sessions using undocumented Windows Station APIs
  ☆117Aug 21, 2024Updated last year
• REDMED-X / InjectKit

  View on GitHub
  Modified versions of the Cobalt Strike Process Injection Kit
  ☆106Jan 24, 2024Updated 2 years ago
• passthehashbrowns / VectoredExceptionHandling

  View on GitHub
  ☆108Aug 21, 2024Updated last year
• nbaertsch / AutoAppDomainHijack

  View on GitHub
  Automated .NET AppDomain hijack payload generation
  ☆129Feb 4, 2025Updated last year
• EricEsquivel / Inline-EA

  View on GitHub
  Cobalt Strike BOF for evasive .NET assembly execution
  ☆309Mar 31, 2025Updated 11 months ago
• Mr-Un1k0d3r / Elevate-System-Trusted-BOF

  View on GitHub
  ☆176Mar 27, 2023Updated 2 years ago
• icyguider / UAC-BOF-Bonanza

  View on GitHub
  Collection of UAC Bypass Techniques Weaponized as BOFs
  ☆611Feb 21, 2024Updated 2 years ago
• EspressoCake / BOF_NativeAPI_Definitions-VSCode

  View on GitHub
  A VSCode plugin to assist with BOF development.
  ☆37Aug 14, 2024Updated last year
• REDMED-X / OperatorsKit

  View on GitHub
  Collection of Beacon Object Files (BOF) for Cobalt Strike
  ☆681Aug 15, 2025Updated 7 months ago
• Offensive-Panda / LsassReflectDumping

  View on GitHub
  This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…
  ☆216Oct 19, 2024Updated last year
• EspressoCake / ADIDNS_Parser

  View on GitHub
  Parser and reconciliation tooling for large Active Directory environments.
  ☆33Feb 18, 2025Updated last year
• RalfHacker / Kerbeus-BOF

  View on GitHub
  BOF for Kerberos abuse (an implementation of some important features of the Rubeus).
  ☆554Nov 23, 2025Updated 4 months ago
• Offensive-Panda / .NET_PROFILER_DLL_LOADING

  View on GitHub
  .NET profiler DLL loading can be abused to make a legit .NET application load a malicious DLL using environment variables. This exploit i…
  ☆46Jul 29, 2024Updated last year
• mlcsec / ASRenum-BOF

  View on GitHub
  Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules, actions, and exclusion locations
  ☆162Mar 1, 2024Updated 2 years ago
• zyn3rgy / smbtakeover

  View on GitHub
  BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions
  ☆346Nov 19, 2024Updated last year
• NtDallas / KrakenMask

  View on GitHub
  Sleep obfuscation
  ☆271Dec 13, 2024Updated last year
• WKL-Sec / dcomhijack

  View on GitHub
  Lateral Movement Using DCOM and DLL Hijacking
  ☆324Jun 18, 2023Updated 2 years ago
• FalconForceTeam / bof-winrm-plugin-jump

  View on GitHub
  ☆33Jan 23, 2025Updated last year
• NtDallas / OdinLdr

  View on GitHub
  Cobaltstrike Reflective Loader with Synthetic Stackframe
  ☆189Jan 17, 2026Updated 2 months ago
• xforcered / BOFMask

  View on GitHub
  ☆128Jun 28, 2023Updated 2 years ago
• safedv / RustiveDump

  View on GitHub
  LSASS memory dumper using only NTAPIs, creating a minimal minidump. It can be compiled as shellcode (PIC), supports XOR encryption, and r…
  ☆385Apr 26, 2025Updated 10 months ago
• FalconForceTeam / bof-winrm-client

  View on GitHub
  ☆127Jan 23, 2025Updated last year
• iilegacyyii / DataInject-BOF

  View on GitHub
  Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll
  ☆151Apr 18, 2025Updated 11 months ago
• 0xEr3bus / PoolPartyBof

  View on GitHub
  A beacon object file implementation of PoolParty Process Injection Technique.
  ☆438Dec 21, 2023Updated 2 years ago
• vxCrypt0r / Voidmaw

  View on GitHub
  A new technique that can be used to bypass memory scanners. This can be useful in hiding problematic code (such as reflective loaders imp…
  ☆343Oct 7, 2024Updated last year
• Friends-Security / SharpExclusionFinder

  View on GitHub
  Tool designed to find folder exclusions using Windows Defender using command line utility MpCmdRun.exe as a low privileged user, without …
  ☆230Oct 6, 2024Updated last year
• Ap3x / COFF-Loader

  View on GitHub
  A reimplementation of Cobalt Strike's Beacon Object File (BOF) Loader
  ☆67Mar 6, 2026Updated 2 weeks ago
• outflanknl / edr-internals

  View on GitHub
  Tools for analyzing EDR agents
  ☆278Jun 10, 2024Updated last year
• Octoberfest7 / Secure_Stager

  View on GitHub
  An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution
  ☆195Nov 27, 2024Updated last year
• VoldeSec / BOF-NPPSPY

  View on GitHub
  Porting of NPPSPY by Grzegorz Tworek to 'man in the middle' the user logon process, and store the user's name and password in an unassumi…
  ☆19Apr 24, 2023Updated 2 years ago
• connormcgarr / tgtdelegation

  View on GitHub
  tgtdelegation is a Beacon Object File (BOF) to obtain a usable TGT via the "TGT delegation trick"
  ☆178Nov 26, 2021Updated 4 years ago
• SpecterOps / cred1py

  View on GitHub
  A Python POC for CRED1 over SOCKS5
  ☆165Oct 5, 2024Updated last year
• BlackSnufkin / NyxInvoke

  View on GitHub
  NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features. with Dual-bui…
  ☆234Feb 12, 2025Updated last year