Invoke-Bof
Payload loader
Loads and executes a malicious payload on a Windows system using PowerShell.
Load any Beacon Object File using PowerShell!
245 stars
11 watching
34 forks
Language: PowerShell
Last commit: about 3 years ago
Tags: cobalt-strike, powershell
Related projects:
Repository | Description | Stars |
---|---|---|
cobalt-strike/bof-vs | A Beacon Object File Visual Studio template project for creating malicious code executables | 145 |
guervild/bofs | Beacon object files for Cobalt Strike | 158 |
offsecginger/aes-powershellcode | A PowerShell payload designed to evade detection and execute malicious commands on a target system | 108 |
boku7/halosgate-ps | A Cobalt Strike Beacon Object File (BOF) that uses custom syscaller code to make direct system calls to retrieve process information on the target system. | 95 |
boku7/spawn | A Cobalt Strike Beacon tool that spawns a sacrificial process to execute shellcode, using techniques like Arbitrary Code Guard and PPID spoofing to evade detection. | 440 |
riccardoancarani/bofs | Utilities for Cobalt Strike's Beacon Object Files to simplify working with shellcode and system processes | 112 |
octoberfest7/dropspawn_bof | A CobaltStrike payload that uses DLL hijacking to spawn additional Beacons on Windows systems | 219 |
xx0hcd/alt-beacon-payload | Creates a custom C# beacon payload with AV bypass and shellcode injection capabilities | 20 |
cobalt-strike/unhook-bof | Removes API hooks from a malicious process | 54 |
crypt0p3g/bof-collection | A collection of beacon object files designed to be used in a remote access tool like Cobalt Strike. | 170 |
northwavesecurity/kernel-mii | Exploits a kernel vulnerability to gain SYSTEM privileges on Windows. | 29 |
0x3rhy/adduser-bof | A Cobalt Strike BOF that exploits a vulnerability to add an admin user | 70 |
netero1010/trustedpath-uacbypass-bof | Tools and techniques to bypass Windows UAC restrictions on executable files by utilizing DCOM objects | 119 |
boku7/injectetwbypass | Tool to bypass the ETW (Event Tracing for Windows) security measure in remote processes by injecting a custom syscall | 276 |
boku7/injectamsibypass | A tool that bypasses AMSI in a remote process with code injection. | 377 |