| Name | Syntax |
|---|---|
| MiniDumpWriteDump | minidumpwritedump <PID> <path_of_dmp?> |
Custom implementation of DbgHelp's MiniDumpWriteDump function. Uses static syscalls to replace low-level functions like NtReadVirtualMemory.
Syscalls generated using @jthuraisamy's SysWhispers and @Outflanknl's InlineWhispers.
Code is adapted from ReactOS's implementation of MiniDumpWriteDump at minidump.c.
Beacon Object File (BOF) that spawns an arbitrary process from beacons memory. Supports Parent Process ID (PPID) spoofing & blocking non-MS signed DLLs from loading into the processes memory (some EDR DLLs).
Cobalt Strike "Where Am I?" Beacon Object File Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environmen
Beacon object file implementation for trusted path UAC bypass. The target executable will be called without involving "cmd.exe" by using DCOM object.
CredBandit CredBandit is a proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process a
InlineExecute-Assembly InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process
Beacon Object Files Name Syntax ETW Patching etw stop / etw start API Function Utility read_function / check_function / patch_function dll_path fun
Collection of BOFs for Cobalt Strike
BOF-Nim oh yeah baby I have an inkling it's possible, right now the problem seems to be getting the go function to be present in the Symbol table. No
COFFLoader2 This repo contains the source code of a Common Object File Format (COFF) loader, which is a rewrite of the research and implementation don
A collection of safe data types that are compatible with, and can substitute for, common unsafe native c++ types.
Cobalt Strike BOF - Inject AMSI Bypass Cobalt Strike Beacon Object File (BOF) that bypasses AMSI in a remote process with code injection. Running inje
Cobalt Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes payload. Built to evade EDR/UserLand hooks by spawning sacrificial process with Arbitrary Code Guard (ACG), BlockDll, and PPID spoofing.
Khepri Free,Open-Source,Cross-platform agent and Post-exploiton tool written in Golang and C++ Description Khepri is a Cross-platform agent, the archi
HalosGate Processlist Cobalt Strike BOF Cobalt Strike Beacon Object File (BOF) that uses a custom HalosGate & HellsGate syscaller, written in assembly
Cobalt Strike User-Defined Reflective Loader Cobalt Strike User-Defined Reflective Loader written in Assembly & C for advanced evasion capabilities. B
Section Mapping Process Injection (secinject): Cobalt Strike BOF Beacon Object File (BOF) that leverages Native APIs to achieve process injection thro
EVA3: using hellsgate in EVA to get the syscalls [tested with cobalt strike 4.3] note that i dont claim that the idea is mine, this repo is probably
Hellsgate Undetectable Loader for Cobalt Strike Using Syscalls And A External Shellcode Features: Using Syscalls from Hellsgate tech loading the shell
COBALT STRIKE 4.4 Cobalt Strike is a commercial, full-featured, remote access tool that bills itself as "adversary simulation software designed to exe
JSON-CPP-gen This is a program that parses C++ structures from a header file and automatically generates C++ code capable of serializing said structur
spirit-po spirit-po is a header-only C++11 library that you can use for localization within the GNU gettext system, instead of using libintl. spirit-p
UniValue JSON Library for C++17 (and above) An easy-to-use and competitively fast JSON parsing library for C++17, forked from Bitcoin Cash Node's own
easy-tg Easy-to-use helpers for TDLib JSON. Not completely tested yet. Dependencies tdlib json-c Functions Automatically handles authorization state c
Urban++ A simple C++ library for fetching words from Urban Dictionary This README is also the documentation for this library. This is a very simple an
block_state_converter Convert runtime_block_states*.json from steadfast to more simplified format and use on other platforms. Example for Nukkit:
Various BOF collection Name Description ChromiumKeyDump BOF implementation of Chlonium tool to dump Chrome/Edge Masterkey and download Cookie/Login Da
BOF Template This repository is meant to host the core files needed to create a Beacon Object File for use with Cobalt Strike. A Beacon Object File (B
FindObjects-BOF A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific modules or process
WdToggle A Proof of Concept Cobalt Strike Beacon Object File which uses direct system calls to enable WDigest credential caching and circumvent Creden
349 Dec 1, 2022
91 Dec 28, 2022
188 Dec 25, 2022
418 Dec 27, 2022
22 Jul 27, 2022
77 Dec 24, 2022
132 Dec 22, 2022
329 Nov 24, 2022
1.4k Jan 3, 2023
77 Dec 16, 2022
![EVA3: using hellsgate in EVA to get the syscalls [tested with cobalt strike 4.3]](https://user-images.githubusercontent.com/66519611/133883316-591c5969-ee67-4ee6-b1ca-274701ab8d86.png)
32 Oct 29, 2022
21 Nov 5, 2021
![Trewis [work] Scotch](https://avatars.githubusercontent.com/u/92666826?v=4&s=60)
104 Aug 21, 2022
12 Oct 13, 2022
40 Oct 21, 2022
24 Sep 21, 2022
3 Nov 19, 2022
2 Jun 6, 2022
1 May 12, 2022
138 Jan 3, 2023
42 Nov 9, 2022
247 Dec 28, 2022