sensepost/bloatware-pwn external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

sensepost/bloatware-pwn

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/sensepost/bloatware-pwn)

Close

sensepost / bloatware-pwnView on GitHubMore

• External links
• Readme badge

LPE / RCE Exploits for various vulnerable "Bloatware" products

☆87Aug 5, 2025Updated 8 months ago

Alternatives and similar repositories for bloatware-pwn

Users that are interested in bloatware-pwn are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• KingOfTheNOPs / ChangeWallpaper-BOF

  View on GitHub
  Cobalt Strike Beacon Object File to to change the user's desktop wallpaper
  ☆17Sep 15, 2023Updated 2 years ago
• 0xedh / DEFCON33-KillChainReloaded

  View on GitHub
  Repository for the DEF CON 33 talk: Kill Chain Reloaded
  ☆82Aug 3, 2025Updated 8 months ago
• decoder-it / RelabelAbuse

  View on GitHub
  ☆63May 31, 2024Updated last year
• susMdT / ForsHops

  View on GitHub
  ForsHops
  ☆59Mar 25, 2025Updated last year
• 0xTriboulet / emerald_template

  View on GitHub
  A cmake template for crystal palace
  ☆40Dec 20, 2025Updated 4 months ago
• Wordpress hosting with auto-scaling - Free Trial Offer • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• mannyfred / MentalTi

  View on GitHub
  Mentally ill EtwTi parser
  ☆69Jan 11, 2026Updated 3 months ago
• outflanknl / macho-loader

  View on GitHub
  Position-independent Reflective Loader for macOS
  ☆122Feb 19, 2026Updated 2 months ago
• logangoins / BadTakeover-BOF

  View on GitHub
  Beacon Object File (BOF) for Using the BadSuccessor Technique for Account Takeover
  ☆86Oct 20, 2025Updated 6 months ago
• Nomad0x7 / sekken-enum

  View on GitHub
  adws enumeration bof
  ☆170Feb 16, 2026Updated 2 months ago
• WithSecureLabs / TickTock

  View on GitHub
  ☆113Oct 10, 2022Updated 3 years ago
• klezVirus / ThreadPoolExecChain

  View on GitHub
  A simple POC to show how to chain multiple callbacks via tail calls to artificially construct a call stack
  ☆99Dec 22, 2025Updated 3 months ago
• bitdefender / hypervinject-poc

  View on GitHub
  ☆59Feb 19, 2026Updated 2 months ago
• CICADA8-Research / COMThanasia

  View on GitHub
  A set of programs for analyzing common vulnerabilities in COM
  ☆251Sep 8, 2024Updated last year
• olafhartong / BamboozlEDR

  View on GitHub
  A comprehensive ETW (Event Tracing for Windows) event generation tool designed for testing and research purposes.
  ☆265Sep 23, 2025Updated 6 months ago
• GPU virtual machines on DigitalOcean Gradient AI • Ad
  Get to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
• dobin / ShellcodeObfuscationLab

  View on GitHub
  Test bench lab for Shellcode Obfuscation
  ☆36Sep 2, 2025Updated 7 months ago
• NocteDefensor / SCCMDecryptor-BOF

  View on GitHub
  ☆53Jun 28, 2025Updated 9 months ago
• CCob / DRSAT

  View on GitHub
  Disconnected RSAT - A method of running Group Policy Manager, Certificate Authority and Certificate Templates MMC snap-ins from non-domai…
  ☆306Mar 28, 2026Updated 3 weeks ago
• Hagrid29 / BOF-DCOMPotato-PrintNotify

  View on GitHub
  Cobalt Strike Beacon Object File (BOF) that obtain SYSTEM privilege with SeImpersonate privilege by passing a malicious IUnknwon object t…
  ☆101Mar 20, 2023Updated 3 years ago
• edwig / HTTPSYS

  View on GitHub
  User-mode implementation of HTTP.SYS. Implements HTTP 1.1 of the "HTTP Server API 2.0" for web servers
  ☆45Feb 17, 2025Updated last year
• KingOfTheNOPs / Get-NetNTLM

  View on GitHub
  Internal Monologue BOF
  ☆79Dec 28, 2024Updated last year
• MartinoTommasini / offlineSCCMdecrypt

  View on GitHub
  Step-by-step documentation on how to decrypt SCCM database secrets offline
  ☆50Oct 20, 2025Updated 6 months ago
• emiltayl / encrust

  View on GitHub
  Rust crate to obfuscate strings and byte arrays so they are not in memory when not in use.
  ☆21Updated this week
• 0xRedpoll / SignalKeyBOF

  View on GitHub
  BOF to decrypt Signal Desktop chat logs
  ☆70Feb 20, 2025Updated last year
• AI Agents on DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• Hagrid29 / BOF-CredUI

  View on GitHub
  Cobalt Strike Beacon Object File (BOF) that uses CredUIPromptForWindowsCredentials API to invoke credential prompt
  ☆24Nov 23, 2022Updated 3 years ago
• Patrick0x41 / BOF_All_Things

  View on GitHub
  Beacon Object Files (BOF) for Cobalt Strike.
  ☆32Aug 23, 2024Updated last year
• 0xthirteen / rpc2wc

  View on GitHub
  RPC to WebClient startup
  ☆56Aug 19, 2025Updated 8 months ago
• cyndicatelabs / brc4_profile_maker

  View on GitHub
  An interactive TUI tool to create Brute Ratel C4 profiles based on BURP browsing data.
  ☆32May 23, 2025Updated 10 months ago
• WKL-Sec / slack-udc2

  View on GitHub
  Cobalt Strike UDC2 implementation that provides an Slack C2 channel
  ☆68Jan 5, 2026Updated 3 months ago
• ZakiPedio / BridgeHead

  View on GitHub
  Native C++ access to Active Directory over ADWS, no .NET, no WCF, no HTTP stack.
  ☆65Mar 27, 2026Updated 3 weeks ago
• deepinstinct / DCOMUploadExec

  View on GitHub
  DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely
  ☆384Dec 13, 2024Updated last year
• SpecterOps / cred1py

  View on GitHub
  A Python POC for CRED1 over SOCKS5
  ☆166Oct 5, 2024Updated last year
• CICADA8-Research / TypeLibWalker

  View on GitHub
  TypeLib persistence technique
  ☆142Oct 22, 2024Updated last year
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• M1ndo / WerDump

  View on GitHub
  A Beacon Object File (BOF) for Havoc/CS to Bypass PPL and Dump Lsass
  ☆169Sep 22, 2025Updated 6 months ago
• zero2504 / EDR-GhostLocker

  View on GitHub
  AppLocker-Based EDR Neutralization
  ☆334Dec 19, 2025Updated 4 months ago
• trainr3kt / NoteThief

  View on GitHub
  Grab unsaved Notepad contents with a Beacon Object File
  ☆55Jun 19, 2022Updated 3 years ago
• Danukeru / llvm-obfs-str-pass-2024

  View on GitHub
  An example of an external LLVM plugin module transform pass for the latest versions.
  ☆15Oct 21, 2025Updated 5 months ago
• passthehashbrowns / Being-A-Good-CLR-Host

  View on GitHub
  ☆97Jan 21, 2025Updated last year
• ly4k / PassTheChallenge

  View on GitHub
  Recovering NTLM hashes from Credential Guard
  ☆383Dec 26, 2022Updated 3 years ago
• praetorian-inc / nerva

  View on GitHub
  Fast service fingerprinting CLI for 170+ protocols (TCP/UDP/SCTP) - built by Praetorian
  ☆258Updated this week