DropSpawn_BOF
DLL hijacker
A CobaltStrike payload that uses DLL hijacking to spawn additional Beacons on Windows systems
CobaltStrike BOF to spawn Beacons using DLL Application Directory Hijacking
219 stars
5 watching
26 forks
Language: C
Last commit: over 1 year ago

Related projects:

Repository | Description | Stars |
---|---|---|
netero1010/servicemove-bof | A tool that exploits a Windows vulnerability to execute arbitrary code on remote systems using a technique called DLL hijacking. | 284 |
netero1010/rdphijack-bof | A tool for hijacking remote RDP sessions using the WinStationConnect API | 297 |
octoberfest7/killdefender_bof | A tool that allows an attacker to elevate privileges and gain control over the Windows Defender service | 62 |
octoberfest7/cve-2023-36874_bof | An exploit tool for a Windows vulnerability allowing an attacker to run arbitrary code as SYSTEM on Windows 10 and Windows 11 | 202 |
boku7/halosgate-ps | A Cobalt Strike Beacon Object File (BOF) that uses custom syscaller code to make direct system calls to retrieve process information on the target system. | 95 |
airbus-cert/invoke-bof | Loads and executes a malicious payload in a Windows system using PowerShell. | 245 |
tomcarver16/bof-dll-inject | A tool for injecting malware into processes by mapping it to memory without registering it with the kernel. | 147 |
0x3rhy/adduser-bof | A Cobalt Strike BOF that exploits a vulnerability to add an admin user | 70 |
boku7/spawn | A Cobalt Strike Beacon tool that spawns a sacrificial process to execute shellcode, using techniques like Arbitrary Code Guard and PPID spoofing to evade detection. | 440 |
cobalt-strike/unhook-bof | Removes API hooks from a malicious process | 54 |
m57/cobaltstrike_bofs | Exploits SeBackupPrivilege to dump remote system hives and credentials. | 159 |
cobalt-strike/bof-vs | A Beacon Object File Visual Studio template project for creating malicious code executables | 145 |
octoberfest7/inline-execute-pe | An inline execution suite for CobaltStrike Beacons to load and run unmanaged Windows executables. | 648 |
espressocake/dll-hijack-search-order-bof | A tool to enumerate the search order of DLL resolution and potentially gain information about a file's mutability. | 141 |
octoberfest7/eventvieweruac_bof | A tool that bypasses UAC restrictions on Windows by deserializing and executing malicious code in Event Viewer. | 129 |