Alternatives and similar repositories for goffloader

Users that are interested in goffloader are comparing it to the libraries listed below

• BlackSnufkin / NyxInvoke

  View on GitHub
  NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features. with Dual-bui…
  ☆231Feb 12, 2025Updated last year
• fortra / No-Consolation

  View on GitHub
  A BOF that runs unmanaged PEs inline
  ☆678Oct 23, 2024Updated last year
• 0xEr3bus / PoolPartyBof

  View on GitHub
  A beacon object file implementation of PoolParty Process Injection Technique.
  ☆432Dec 21, 2023Updated 2 years ago
• NtDallas / Svartalfheim

  View on GitHub
  Stage 0
  ☆169Dec 18, 2024Updated last year
• NtDallas / OdinLdr

  View on GitHub
  Cobaltstrike Reflective Loader with Synthetic Stackframe
  ☆182Jan 17, 2026Updated 3 weeks ago
• ewby / Mockingjay_BOF

  View on GitHub
  Cobalt Strike + Brute Ratel C4 Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique
  ☆158Nov 7, 2023Updated 2 years ago
• trustedsec / COFFLoader

  View on GitHub
  ☆612Jul 21, 2025Updated 6 months ago
• Octoberfest7 / Secure_Stager

  View on GitHub
  An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution
  ☆194Nov 27, 2024Updated last year
• REDMED-X / OperatorsKit

  View on GitHub
  Collection of Beacon Object Files (BOF) for Cobalt Strike
  ☆671Aug 15, 2025Updated 5 months ago
• CICADA8-Research / IHxExec

  View on GitHub
  Process injection alternative
  ☆404Sep 6, 2024Updated last year
• deh00ni / NtDumpBOF

  View on GitHub
  ☆100Sep 1, 2024Updated last year
• ZephrFish / QoL-BOFs

  View on GitHub
  Curated list of public Beacon Object Files(BOFs) build in as submodules for easy cloning
  ☆137Dec 7, 2025Updated 2 months ago
• Octoberfest7 / enumhandles_BOF

  View on GitHub
  ☆126Sep 1, 2024Updated last year
• NtDallas / KrakenMask

  View on GitHub
  Sleep obfuscation
  ☆265Dec 13, 2024Updated last year
• hakaioffsec / coffee

  View on GitHub
  A COFF loader made in Rust
  ☆327Aug 20, 2025Updated 5 months ago
• trickster0 / NamelessC2

  View on GitHub
  Nameless C2 - A C2 with all its components written in Rust
  ☆282Sep 26, 2024Updated last year
• Ne0nd0g / go-coff

  View on GitHub
  Load and execute a common object file format (COFF) in the current process
  ☆32Mar 9, 2024Updated last year
• ColeHouston / Sunder

  View on GitHub
  Windows rootkit designed to work with BYOVD exploits
  ☆214Jan 18, 2025Updated last year
• VoldeSec / PatchlessCLRLoader

  View on GitHub
  .NET assembly loader with patchless AMSI and ETW bypass
  ☆366Apr 19, 2023Updated 2 years ago
• f1zm0 / acheron

  View on GitHub
  indirect syscalls for AV/EDR evasion in Go assembly
  ☆365Jun 13, 2023Updated 2 years ago
• naksyn / DojoLoader

  View on GitHub
  Generic PE loader for fast prototyping evasion techniques
  ☆244Jul 2, 2024Updated last year
• senzee1984 / InflativeLoading

  View on GitHub
  Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.
  ☆325Apr 12, 2024Updated last year
• NtDallas / Draugr

  View on GitHub
  BOF with Synthetic Stackframe
  ☆220Oct 30, 2025Updated 3 months ago
• mlcsec / EDRenum-BOF

  View on GitHub
  Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.
  ☆128Oct 4, 2024Updated last year
• CICADA8-Research / Spyndicapped

  View on GitHub
  COM ViewLogger — new malware keylogging technique
  ☆403Jan 6, 2025Updated last year
• ricardojoserf / TrickDump

  View on GitHub
  Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!
  ☆534May 9, 2025Updated 9 months ago
• cpu0x00 / Ghost

  View on GitHub
  Evasive shellcode loader
  ☆398Oct 17, 2024Updated last year
• rad9800 / BootExecuteEDR

  View on GitHub
  ☆409Dec 8, 2024Updated last year
• T3nb3w / ComDotNetExploit

  View on GitHub
  A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and …
  ☆332Mar 6, 2025Updated 11 months ago
• Teach2Breach / pool_party_rs

  View on GitHub
  remote process injections using pool party techniques
  ☆70Jun 29, 2025Updated 7 months ago
• kyleavery / AceLdr

  View on GitHub
  Cobalt Strike UDRL for memory scanner evasion.
  ☆1,004Jun 4, 2024Updated last year
• outflanknl / macho-loader

  View on GitHub
  ☆102Sep 5, 2024Updated last year
• JanielDary / ImmoralFiber

  View on GitHub
  Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
  ☆280Sep 18, 2024Updated last year
• WKL-Sec / LayeredSyscall

  View on GitHub
  Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …
  ☆296Jul 31, 2024Updated last year
• securifybv / BOFRyptor

  View on GitHub
  ☆122Oct 9, 2023Updated 2 years ago
• deepinstinct / DCOMUploadExec

  View on GitHub
  DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely
  ☆381Dec 13, 2024Updated last year
• Cracked5pider / earlycascade-injection

  View on GitHub
  early cascade injection PoC based on Outflanks blog post
  ☆236Nov 7, 2024Updated last year
• vxCrypt0r / Voidmaw

  View on GitHub
  A new technique that can be used to bypass memory scanners. This can be useful in hiding problematic code (such as reflective loaders imp…
  ☆339Oct 7, 2024Updated last year
• boku7 / patchwerk

  View on GitHub
  BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)
  ☆195Feb 6, 2025Updated last year