Alternatives and similar repositories for minbeacon

Users that are interested in minbeacon are comparing it to the libraries listed below

• Secidi0t / Titan

  View on GitHub
  ☆15Nov 24, 2022Updated 3 years ago
• Crypt0s / Ekko_CFG_Bypass

  View on GitHub
  A PoC for adding NtContinue to CFG allowed list in order to make Ekko work in a CFG protected process
  ☆113Aug 29, 2022Updated 3 years ago
• nick-frischkorn / TokenStripBOF

  View on GitHub
  Beacon Object File to delete token privileges and lower the integrity level to untrusted for a specified process
  ☆47Jun 15, 2022Updated 3 years ago
• CrossC2 / autoRebind

  View on GitHub
  Automatically parse Malleable C2 profiled into CrossC2 rebinding library source code
  ☆21Feb 13, 2023Updated 3 years ago
• HuskyHacks / CobaltNotion

  View on GitHub
  A spin-off research project. Cobalt Strike x Notion collab 2022
  ☆53Apr 8, 2022Updated 3 years ago
• Ape1ron / FastjsonInDeserializationDemo1

  View on GitHub
  高版本Fastjson在Java原生反序列化中的利用演示
  ☆26Jan 12, 2025Updated last year
• 0x3rhy / BypassCredGuard-BOF

  View on GitHub
  BypassCredGuard CS BOF
  ☆49Jan 23, 2025Updated last year
• boku7 / whereami

  View on GitHub
  Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environment strings without touching any DLL…
  ☆183Mar 13, 2023Updated 2 years ago
• BambiZombie / bypass_uac_bof

  View on GitHub
  一个普通的BOF用来BypassUAC
  ☆22Apr 6, 2024Updated last year
• bestspear / ReBeacon_ForClang

  View on GitHub
  Beacon compiled using clang
  ☆73Jan 22, 2023Updated 3 years ago
• epichoxha / CobaltParrot

  View on GitHub
  Aggressor Notification Scripts for cobaltstrike via slack & discord
  ☆14Nov 27, 2025Updated 2 months ago
• timwhitez / Doge-Unhook

  View on GitHub
  DLL Unhooking
  ☆13Mar 26, 2021Updated 4 years ago
• ScriptIdiot / sw2-secinject

  View on GitHub
  Section Mapping Process Injection modified with SysWhisper2 (sw2-secinject): Cobalt Strike BOF
  ☆44Jun 23, 2022Updated 3 years ago
• y00ga-sec / Trustify

  View on GitHub
  Attack Active Directory Trusts with a single tool
  ☆14Jan 15, 2025Updated last year
• yehia-mamdouh / Lsassx

  View on GitHub
  Dumping LSASS Evaded Endpoint Security Solutions
  ☆18Feb 15, 2025Updated last year
• KANKOSHEV / Detect-VM-and-Hypervisor

  View on GitHub
  Detect VM and Hypervisor
  ☆10Jun 16, 2021Updated 4 years ago
• TryGOTry / Debug-Nps

  View on GitHub
  在原版nps的基础上，增加了nps探测，以及对应的利用方式（如获取cookie，页面等），进行一些简单的二开。未经过大量测试，可能存在bug。
  ☆21Aug 5, 2025Updated 6 months ago
• wafinfo / SyscallLoader

  View on GitHub
  SyscallLoader
  ☆11Sep 13, 2021Updated 4 years ago
• zha0 / DarkPulsar

  View on GitHub
  EQGRP: Replicating DarkPulsar, an DLL capable of hooking Security Package Method Tables on the Heap!
  ☆10Oct 11, 2020Updated 5 years ago
• joshfaust / Windows_Hunt

  View on GitHub
  Analyze Windows Systems for common and unique vulnerabilities
  ☆10Jul 6, 2022Updated 3 years ago
• nick-frischkorn / SuspendEventLogBOF

  View on GitHub
  Beacon Object File to locate and suspend the threads hosting the Event Log service
  ☆29Jun 17, 2022Updated 3 years ago
• YossiSassi / Invoke-AdminSDHolderPermissionCheck

  View on GitHub
  Analyzes AdminSDHolder permissions & compares with default baseline or a previous run, to detect potential backdoor/excessive persistent …
  ☆15Apr 8, 2025Updated 10 months ago
• z-bool / adsec_file

  View on GitHub
  此文件用于配套“卫界安全-阿呆攻防”中所涉及的代码类文档
  ☆11Apr 26, 2025Updated 9 months ago
• EvilBytecode / Eset-Unload

  View on GitHub
  Eset-Unload is a C++ tool that interacts with a process's loaded modules to identify and unload the ebehmoni.dll module, typically found …
  ☆12Apr 21, 2025Updated 9 months ago
• tvgdb / cobaltstrike-cat-bof

  View on GitHub
  A Beacon Object File (BOF) implementation of the 'cat' command
  ☆25Feb 11, 2023Updated 3 years ago
• G0ldenGunSec / wmiServSessEnum

  View on GitHub
  .net tool that uses WMI queries to enumerate active sessions and accounts configured to run services on remote systems
  ☆36Dec 9, 2019Updated 6 years ago
• boku7 / halosgate-ps

  View on GitHub
  Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes
  ☆108Mar 8, 2023Updated 2 years ago
• 0x3rhy / AddUser-Bof

  View on GitHub
  Cobalt Strike BOF that Add an admin user
  ☆78Oct 11, 2022Updated 3 years ago
• 0xlane / ppspoofing

  View on GitHub
  Rust编写的父进程PID欺骗技术测试工具
  ☆53Jan 9, 2023Updated 3 years ago
• wudun7 / UGuardMap

  View on GitHub
  bootkit驱动映射，三环进程注入加载指定模块
  ☆14Oct 8, 2024Updated last year
• ScriptIdiot / sleepmask_PatchlessHook

  View on GitHub
  Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW
  ☆86Mar 19, 2023Updated 2 years ago
• Hagrid29 / BOF-RemoteRegSave

  View on GitHub
  Cobalt Strike Beacon Object File (BOF) that uses RegConnectRegistryA + RegOpenKeyExA API to dump registry hives on remote computer
  ☆17Mar 4, 2023Updated 2 years ago
• 0x3rhy / BOF-DCOMPotato-PrintNotify

  View on GitHub
  Cobalt Strike Beacon Object File (BOF) that obtain SYSTEM privilege with SeImpersonate privilege by passing a malicious IUnknwon object t…
  ☆13Feb 4, 2024Updated 2 years ago
• casp3r0x0 / PolymorphicSignature

  View on GitHub
  A C#-implemented malware that dynamically modifies its own hash upon each execution to evade detection.
  ☆17Feb 3, 2025Updated last year
• S4ntiagoP / freeBokuLoader

  View on GitHub
  A simple BOF that frees UDRLs
  ☆122May 29, 2022Updated 3 years ago
• JamesCooteUK / BOFs

  View on GitHub
  Collection of BOFs for Cobalt Strike
  ☆33Mar 28, 2023Updated 2 years ago
• dust-life / run_pe

  View on GitHub
  ☆51Aug 28, 2021Updated 4 years ago
• myzxcg / BypassUAC-Dll

  View on GitHub
  Use COM Component Bypass UAC,Dll Version
  ☆36Apr 17, 2021Updated 4 years ago
• TheKevinWang / HellsRunPE

  View on GitHub
  RunPE using Hell's Gate technique.
  ☆32Dec 4, 2020Updated 5 years ago