unhook-bof
Process hook remover
Removes API hooks from a malicious process
Remove API hooks from a Beacon process.
54 stars
1 watching
16 forks
Language: C
last commit: over 3 years ago Related projects:
| Repository | Description | Stars |
|---|---|---|
 rsmudge/unhook-bof | Tool to remove API hooks from a Beacon process. | 263 |
 boku7/spawn | A Cobalt Strike Beacon tool that spawns a sacrificial process to execute shellcode, using techniques like Arbitrary Code Guard and PPID spoofing to evade detection. | 440 |
| boku7/halosgate-ps | A Cobalt Strike Beacon Object File (BOF) that uses custom syscaller code to make direct system calls to retrieve process information on the target system. | 95 |
 guervild/bofs | Beacon object files for Cobalt Strike | 158 |
| cobalt-strike/bof-vs | A Beacon Object File Visual Studio template project for creating malicious code executables | 145 |
 riccardoancarani/bofs | Utilities for Cobalt Strike's Beacon Object Files to simplify working with shellcode and system processes | 112 |
 passthehashbrowns/bofmask | A proof-of-concept project demonstrating how to mask Beacon's payload execution in Cobalt Strike while executing a user-provided BOF. | 110 |
 0x3rhy/adduser-bof | A Cobalt Strike BOF that exploits a vulnerability to add an admin user | 70 |
 rvrsh3ll/bof_collection | A collection of Cobalt Strike Beacon Objectives (BOFs) that perform various tasks such as domain information retrieval, clipboard data extraction, WiFi enumeration, port scanning, and registry persistence. | 593 |
 b1tg/cobaltstrike-beacon-rust | A Cobalt Strike beacon implementation in Rust for creating malicious network connections | 180 |
 splunk/melting-cobalt | Tool to hunt and mine Cobalt Strike beacons from internet-connected services | 164 |
 te-k/cobaltstrike | Detects and analyzes Cobalt Strike beacons by analyzing HTTP responses and extracting configuration information. | 266 |
 crypt0p3g/bof-collection | A collection of beacon object files designed to be used in a remote access tool like Cobalt Strike. | 170 |
 airbus-cert/invoke-bof | Loads and executes a malicious payload in a Windows system using PowerShell. | 245 |
 otterhacker/coffloader | An implementation of in-house CoffLoader supporting CobaltStrike standard BOF and BSS initialized variables. | 48 |