unhook-bof
Process hook remover
Removes API hooks from a malicious process
Remove API hooks from a Beacon process.
54 stars
1 watching
16 forks
Language: C
last commit: over 2 years ago Related projects:
| Repository | Description | Stars |
|---|---|---|
 rsmudge/unhook-bof | Tool to remove API hooks from a Beacon process. | 262 |
 boku7/spawn | A Cobalt Strike Beacon tool that spawns a sacrificial process to execute shellcode, using techniques like Arbitrary Code Guard and PPID spoofing to evade detection. | 429 |
| boku7/halosgate-ps | A Cobalt Strike Beacon Object File (BOF) that uses custom syscaller code to make direct system calls to retrieve process information on the target system. | 94 |
 guervild/bofs | Beacon object files for Cobalt Strike | 159 |
| cobalt-strike/bof-vs | A Beacon Object File Visual Studio template project for creating malicious code executables | 138 |
 riccardoancarani/bofs | Utilities for Cobalt Strike's Beacon Object Files to simplify working with shellcode and system processes | 111 |
 passthehashbrowns/bofmask | A proof-of-concept project demonstrating how to mask Beacon's payload execution in Cobalt Strike while executing a user-provided BOF. | 108 |
 0x3rhy/adduser-bof | A Cobalt Strike BOF that exploits a vulnerability to add an admin user | 69 |
 rvrsh3ll/bof_collection | A collection of Cobalt Strike Beacon Objectives (BOFs) that perform various tasks such as domain information retrieval, clipboard data extraction, WiFi enumeration, port scanning, and registry persistence. | 581 |
 b1tg/cobaltstrike-beacon-rust | A Cobalt Strike beacon implementation in Rust for creating malicious network connections | 177 |
 splunk/melting-cobalt | Tool to hunt and mine Cobalt Strike beacons from internet-connected services | 164 |
 te-k/cobaltstrike | Detects and analyzes Cobalt Strike beacons by analyzing HTTP responses and extracting configuration information. | 262 |
 crypt0p3g/bof-collection | A collection of beacon object files designed to be used in a remote access tool like Cobalt Strike. | 170 |
 airbus-cert/invoke-bof | Loads and executes a malicious payload in a Windows system using PowerShell. | 246 |
 otterhacker/coffloader | An implementation of in-house CoffLoader supporting CobaltStrike standard BOF and BSS initialized variables. | 48 |