pard0p/Remote-BOF-Runner external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

pard0p/Remote-BOF-Runner

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/pard0p/Remote-BOF-Runner)

Close

pard0p / Remote-BOF-RunnerView on GitHubMore

• External links
• Readme badge

Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal Palace.

☆91Jan 2, 2026Updated 2 months ago

Alternatives and similar repositories for Remote-BOF-Runner

Users that are interested in Remote-BOF-Runner are comparing it to the libraries listed below

• 0xTriboulet / InlineExecuteEx

  View on GitHub
  A BOF that's a BOF Loader and more
  ☆200Jan 17, 2026Updated 2 months ago
• Nomad0x7 / sekken-enum

  View on GitHub
  adws enumeration bof
  ☆169Feb 16, 2026Updated last month
• CodeXTF2 / CustomC2ChannelTemplate

  View on GitHub
  template for developing custom C2 channels for Cobalt Strike using IAT hooks applied by a reflective loader.
  ☆101Jan 10, 2026Updated 2 months ago
• incursi0n / ClipboardStealBOF

  View on GitHub
  An alternative to the builtin clipboard feature in Cobalt Strike that adds the capability to enable/disable and dump the clipboard histor…
  ☆103Jan 9, 2026Updated 2 months ago
• dis0rder0x00 / DbgNexum

  View on GitHub
  Shellcode injection using the Windows Debugging API
  ☆171Jan 4, 2026Updated 2 months ago
• passthehashbrowns / VectoredExceptionHandling

  View on GitHub
  ☆108Aug 21, 2024Updated last year
• MEhrn00 / boflink

  View on GitHub
  Linker for Beacon Object Files
  ☆160Feb 22, 2026Updated 3 weeks ago
• NtDallas / OdinLdr

  View on GitHub
  Cobaltstrike Reflective Loader with Synthetic Stackframe
  ☆189Jan 17, 2026Updated 2 months ago
• iilegacyyii / DataInject-BOF

  View on GitHub
  Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll
  ☆151Apr 18, 2025Updated 11 months ago
• BlWasp / PhantomTask

  View on GitHub
  A tool to play with scheduled tasks on Windows, in Rust
  ☆122Nov 1, 2025Updated 4 months ago
• Meowmycks / koneko

  View on GitHub
  Robust Cobalt Strike shellcode loader with multiple advanced evasion features
  ☆200Apr 21, 2025Updated 11 months ago
• TwoSevenOneT / CreateProcessAsPPL

  View on GitHub
  This is the loader that supports running a program with Protected Process Light (PPL) protection functionality.
  ☆295Nov 1, 2025Updated 4 months ago
• TierZeroSecurity / killerPID-BOF

  View on GitHub
  BOF to terminate a process via PID as argument
  ☆28Sep 7, 2025Updated 6 months ago
• ColeHouston / theHandler-BOF

  View on GitHub
  Dump protected process memory by using BYOVD to tamper with handle objects in the kernel.
  ☆37Aug 5, 2025Updated 7 months ago
• sudonoodle / BOF-entra-authcode-flow

  View on GitHub
  Beacon Object File (BOF) to obtain Entra tokens via authcode flow.
  ☆124Jan 17, 2026Updated 2 months ago
• Teach2Breach / early_cascade_inj_rs

  View on GitHub
  early cascade injection PoC based on Outflanks blog post, in rust
  ☆62Nov 8, 2024Updated last year
• dmcxblue / PyObscura

  View on GitHub
  A python script that automates a C2 Profile build
  ☆48Dec 14, 2025Updated 3 months ago
• garrettfoster13 / ldap_bofs

  View on GitHub
  Random BOFs for LDAP tradecraft
  ☆74Sep 9, 2025Updated 6 months ago
• fin3ss3g0d / IoDllProxyLoad

  View on GitHub
  DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly
  ☆63Mar 19, 2024Updated 2 years ago
• jhalon / cSessionHop

  View on GitHub
  Beacon Object File (BOF) for Windows Session Hijacking via IHxHelpPaneServer COM
  ☆64Dec 25, 2025Updated 2 months ago
• boku7 / patchwerk

  View on GitHub
  BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)
  ☆195Feb 6, 2025Updated last year
• WKL-Sec / slack-udc2

  View on GitHub
  Cobalt Strike UDC2 implementation that provides an Slack C2 channel
  ☆65Jan 5, 2026Updated 2 months ago
• KickedDroid / loadstar

  View on GitHub
  A different approach to writing BOFs in rust.
  ☆19Aug 20, 2025Updated 7 months ago
• 0xRedpoll / ludus_cobaltstrike_teamserver

  View on GitHub
  Ludus role for deploying a Cobalt Strike Teamserver onto Linux servers
  ☆18Mar 19, 2025Updated last year
• rxOred / process-hollowing

  View on GitHub
  process hollowing variant using NtCreateSection + NtMapViewOfSection + ResumeThread
  ☆31Jan 9, 2022Updated 4 years ago
• JanielDary / ImmoralFiber

  View on GitHub
  Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
  ☆283Sep 18, 2024Updated last year
• zarkones / BloodfangC2

  View on GitHub
  Modern PIC implant for Windows (64 & 32 bit)
  ☆106Jul 23, 2025Updated 7 months ago
• silentwarble / PIC-Library

  View on GitHub
  A collection of position independent coding resources
  ☆107Nov 15, 2025Updated 4 months ago
• NtDallas / Huginn

  View on GitHub
  ☆81Feb 12, 2026Updated last month
• pard0p / PICO-Implant

  View on GitHub
  PICO-Implant is a Proof of Concept C2 implant built using Position-independent Code Objects (PICO) for modular functionality. This projec…
  ☆48Nov 9, 2025Updated 4 months ago
• Maldev-Academy / GhostlyHollowingViaTamperedSyscalls2

  View on GitHub
  Implementing Ghostly-Hollowing using tampered syscalls for remote PE injection
  ☆72Dec 26, 2025Updated 2 months ago
• NetSPI / BOF-PE

  View on GitHub
  An example reference design for a proposed BOF PE
  ☆204Jan 23, 2026Updated last month
• nbaertsch / nimvoke

  View on GitHub
  Indirect syscalls + DInvoke made simple.
  ☆95Dec 24, 2024Updated last year
• KiExitDispatcher / Ebyte-AMSI-ProxyInjector

  View on GitHub
  A lightweight tool that injects a custom assembly proxy into a target process to silently bypass AMSI scanning by redirecting AmsiScanBuf…
  ☆64May 16, 2025Updated 10 months ago
• AlmondOffSec / LibTPLoadLib

  View on GitHub
  Using call gadgets to break the call stack signature used by Elastic on proxying a module load. Provided as a Crystal Palace shared libra…
  ☆81Nov 6, 2025Updated 4 months ago
• Fudgedotdotdot / nimpersonate

  View on GitHub
  Impersonate Windows tokens in Nim
  ☆23Aug 4, 2025Updated 7 months ago
• Faran-17 / Hellshazzard

  View on GitHub
  Indirect Syscall implementation to bypass userland NTAPIs hooking.
  ☆85Aug 13, 2024Updated last year
• zero2504 / COMouflage

  View on GitHub
  COM-based DLL Surrogate Injection
  ☆142Dec 9, 2025Updated 3 months ago
• CodeXTF2 / WebcamBOF

  View on GitHub
  Webcam capture capability for Cobalt Strike as a BOF, with in-memory download options
  ☆158Mar 26, 2025Updated 11 months ago