sensepost/bloatware-pwn external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

sensepost/bloatware-pwn

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/sensepost/bloatware-pwn)

Close

sensepost / bloatware-pwnView on GitHubMore

• External links
• Readme badge

LPE / RCE Exploits for various vulnerable "Bloatware" products

☆87Aug 5, 2025Updated 9 months ago

Alternatives and similar repositories for bloatware-pwn

Users that are interested in bloatware-pwn are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• KingOfTheNOPs / ChangeWallpaper-BOF

  View on GitHub
  Cobalt Strike Beacon Object File to to change the user's desktop wallpaper
  ☆17Sep 15, 2023Updated 2 years ago
• 0xedh / DEFCON33-KillChainReloaded

  View on GitHub
  Repository for the DEF CON 33 talk: Kill Chain Reloaded
  ☆83Aug 3, 2025Updated 9 months ago
• decoder-it / RelabelAbuse

  View on GitHub
  ☆63May 31, 2024Updated 2 years ago
• susMdT / ForsHops

  View on GitHub
  ForsHops
  ☆60Mar 25, 2025Updated last year
• 0xTriboulet / emerald_template

  View on GitHub
  A cmake template for crystal palace
  ☆41Dec 20, 2025Updated 5 months ago
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• ZakiPedio / BridgeHead

  View on GitHub
  Native C++ access to Active Directory over ADWS, no .NET, no WCF, no HTTP stack.
  ☆78Mar 27, 2026Updated 2 months ago
• mannyfred / MentalTi

  View on GitHub
  Mentally ill EtwTi parser
  ☆73Jan 11, 2026Updated 4 months ago
• outflanknl / macho-loader

  View on GitHub
  Position-independent Reflective Loader for macOS
  ☆126Feb 19, 2026Updated 3 months ago
• Nomad0x7 / sekken-enum

  View on GitHub
  adws enumeration bof
  ☆172Feb 16, 2026Updated 3 months ago
• WithSecureLabs / TickTock

  View on GitHub
  ☆115Oct 10, 2022Updated 3 years ago
• logangoins / BadTakeover-BOF

  View on GitHub
  Beacon Object File (BOF) for Using the BadSuccessor Technique for Account Takeover
  ☆86Oct 20, 2025Updated 7 months ago
• klezVirus / ThreadPoolExecChain

  View on GitHub
  A simple POC to show how to chain multiple callbacks via tail calls to artificially construct a call stack
  ☆103Updated this week
• bitdefender / hypervinject-poc

  View on GitHub
  ☆59Feb 19, 2026Updated 3 months ago
• CICADA8-Research / COMThanasia

  View on GitHub
  A set of programs for analyzing common vulnerabilities in COM
  ☆263Sep 8, 2024Updated last year
• End-to-end encrypted cloud storage - Proton Drive • Ad
  Special offer: 40% Off Yearly / 80% Off First Month. Protect your most important files, photos, and documents from prying eyes.
• incursi0n / GodPotatoBOF

  View on GitHub
  Cobalt Strike BOF used to perform privilege escalation by exploiting the SeImpersonate privilege. Based on the original GodPotato PoC by …
  ☆238Apr 16, 2026Updated last month
• olafhartong / BamboozlEDR

  View on GitHub
  A comprehensive ETW (Event Tracing for Windows) event generation tool designed for testing and research purposes.
  ☆270Sep 23, 2025Updated 8 months ago
• dobin / ShellcodeObfuscationLab

  View on GitHub
  Test bench lab for Shellcode Obfuscation
  ☆37Sep 2, 2025Updated 8 months ago
• CCob / DRSAT

  View on GitHub
  Disconnected RSAT - A method of running Group Policy Manager, Certificate Authority and Certificate Templates MMC snap-ins from non-domai…
  ☆310Mar 28, 2026Updated 2 months ago
• NocteDefensor / SCCMDecryptor-BOF

  View on GitHub
  ☆56Jun 28, 2025Updated 11 months ago
• Hagrid29 / BOF-DCOMPotato-PrintNotify

  View on GitHub
  Cobalt Strike Beacon Object File (BOF) that obtain SYSTEM privilege with SeImpersonate privilege by passing a malicious IUnknwon object t…
  ☆101Mar 20, 2023Updated 3 years ago
• edwig / HTTPSYS

  View on GitHub
  User-mode implementation of HTTP.SYS. Implements HTTP 1.1 of the "HTTP Server API 2.0" for web servers
  ☆45Feb 17, 2025Updated last year
• KingOfTheNOPs / Get-NetNTLM

  View on GitHub
  Internal Monologue BOF
  ☆79Dec 28, 2024Updated last year
• MartinoTommasini / offlineSCCMdecrypt

  View on GitHub
  Step-by-step documentation on how to decrypt SCCM database secrets offline
  ☆50Oct 20, 2025Updated 7 months ago
• End-to-end encrypted cloud storage - Proton Drive • Ad
  Special offer: 40% Off Yearly / 80% Off First Month. Protect your most important files, photos, and documents from prying eyes.
• emiltayl / encrust

  View on GitHub
  Rust crate to obfuscate strings and byte arrays so they are not in memory when not in use.
  ☆21Apr 30, 2026Updated last month
• 0xRedpoll / SignalKeyBOF

  View on GitHub
  BOF to decrypt Signal Desktop chat logs
  ☆70Feb 20, 2025Updated last year
• Hagrid29 / BOF-CredUI

  View on GitHub
  Cobalt Strike Beacon Object File (BOF) that uses CredUIPromptForWindowsCredentials API to invoke credential prompt
  ☆24Nov 23, 2022Updated 3 years ago
• Patrick0x41 / BOF_All_Things

  View on GitHub
  Beacon Object Files (BOF) for Cobalt Strike.
  ☆32Aug 23, 2024Updated last year
• 0xthirteen / rpc2wc

  View on GitHub
  RPC to WebClient startup
  ☆57Aug 19, 2025Updated 9 months ago
• cyndicatelabs / brc4_profile_maker

  View on GitHub
  An interactive TUI tool to create Brute Ratel C4 profiles based on BURP browsing data.
  ☆32May 23, 2025Updated last year
• WKL-Sec / slack-udc2

  View on GitHub
  Cobalt Strike UDC2 implementation that provides an Slack C2 channel
  ☆69Jan 5, 2026Updated 4 months ago
• deepinstinct / DCOMUploadExec

  View on GitHub
  DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely
  ☆385Dec 13, 2024Updated last year
• SpecterOps / cred1py

  View on GitHub
  A Python POC for CRED1 over SOCKS5
  ☆167Oct 5, 2024Updated last year
• Bare Metal GPUs on DigitalOcean Gradient AI • Ad
  Purpose-built for serious AI teams training foundational models, running large-scale inference, and pushing the boundaries of what's possible.
• M1ndo / WerDump

  View on GitHub
  A Beacon Object File (BOF) for Havoc/CS to Bypass PPL and Dump Lsass
  ☆171Sep 22, 2025Updated 8 months ago
• CICADA8-Research / TypeLibWalker

  View on GitHub
  TypeLib persistence technique
  ☆146Oct 22, 2024Updated last year
• zero2504 / EDR-GhostLocker

  View on GitHub
  AppLocker-Based EDR Neutralization
  ☆337Dec 19, 2025Updated 5 months ago
• trainr3kt / NoteThief

  View on GitHub
  Grab unsaved Notepad contents with a Beacon Object File
  ☆55Jun 19, 2022Updated 3 years ago
• Danukeru / llvm-obfs-str-pass-2024

  View on GitHub
  An example of an external LLVM plugin module transform pass for the latest versions.
  ☆15Oct 21, 2025Updated 7 months ago
• SpecterOps / SCOMHound

  View on GitHub
  ☆42Dec 4, 2025Updated 5 months ago
• ly4k / PassTheChallenge

  View on GitHub
  Recovering NTLM hashes from Credential Guard
  ☆386Dec 26, 2022Updated 3 years ago