FindObjects-BOF
Process enumerator
An exploit tool that uses direct system calls to enumerate processes based on specific loaded modules or process handles
A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.
266 stars
17 watching
47 forks
last commit: over 1 year ago

Related projects:
Repository | Description | Stars |
---|---|---|
outflanknl/inlinewhispers | Tool to generate inline assembly code for direct system calls in Cobalt Strike's Beacon Object Files (BOF) | 308 |
outflanknl/recon-ad | An Active Directory reconnaissance tool that uses ADSI and reflective DLLs to enumerate domain information and query user, group, and computer objects. | 316 |
outflanknl/c2-tool-collection | Tools for exploiting vulnerabilities in Windows systems and gathering information about networked computers. | 1,143 |
boku7/whereami | A tool that extracts environment variables from a process without touching system DLLs using hand-crafted shellcode | 160 |
boku7/spawn | A Cobalt Strike Beacon tool that spawns a sacrificial process to execute shellcode, using techniques like Arbitrary Code Guard and PPID spoofing to evade detection. | 429 |
boku7/hollow | A tool that enables remote process shellcode execution using the Early Bird injection technique | 266 |
outflanknl/wdtoggle | A tool to enable WDigest credential caching using direct system calls in Cobalt Strike | 213 |
espressocake/ppldump_bof | A tool for dumping the memory contents of a protected process on Windows | 135 |
boku7/halosgate-ps | A Cobalt Strike Beacon Object File (BOF) that uses custom syscaller code to make direct system calls to retrieve process information on the target system. | 94 |
espressocake/dll-hijack-search-order-bof | A tool to enumerate the search order of DLL resolution and potentially gain information about a file's mutability. | 141 |
outflanknl/helpcolor | Lists available Cobalt Strike beacon commands and colors them based on their type | 189 |
cobalt-strike/unhook-bof | Removes API hooks from a malicious process | 54 |
iilegacyyii/threadlessinject-bof | A tool that enables process injection without thread creation by hooking an export function from a remote process. | 367 |
crypt0p3g/bof-collection | A collection of beacon object files designed to be used in a remote access tool like Cobalt Strike. | 170 |
mainframed/enumeration | A collection of scripts and tools to help enumerate and interact with z/OS systems | 63 |