endymi's repositories
bofs-check-creds
Miscellaneous Cobalt Strike Beacon Object Files
KillDefender
A small POC to make defender useless by removing its token privileges and lowering the token integrity
NoteThief
Grab unsaved Notepad contents with a Beacon Object File
TokenStripBOF
Beacon Object File to delete token privileges and lower the integrity level to untrusted for a specified process
BOF-CobaltStrike
Useful Cobalt Strike Beacon Object Files (BOFs) used during red teaming and penetration testing engagements.
SharpAllTheThings
The idea is to collect all the C# projects that are Sharp{Word} that can be used in Cobalt Strike as execute assembly command.
JumpSession_BOF
Beacon Object File allowing creation of Beacons in different sessions.
EventViewerUAC_BOF
Beacon Object File implementation of Event Viewer deserialization UAC bypass
KillDefenderBOF
Beacon Object File PoC implementation of KillDefender
Backstab_BOF
Beacon Object File implementation of Yaxser's Backstab
BofRoast
Beacon Object Files for roasting Active Directory
sandbox-process-bof
A Beacon Object File (BOF) to sandbox a process
BOF_dumpclip
Beacon Object Files to dump content of clipboard
tgtdelegation
tgtdelegation is a Beacon Object File (BOF) to obtain a usable TGT via the "TGT delegation trick"
DLL_Version_Enumeration_BOF
A BOF for enumerating version information for DLLs associated for a Beacon process.
Firewall_Walker_BOF
A BOF to interact with COM objects associated with the Windows software firewall.
GetWebDAVStatus
Determine if the WebClient Service (WebDAV) is running on a remote system
PPLDump_BOF
A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.
BOFs-Ricardo
Collection of Beacon Object Files (BOFs) for shells and lols
TrustedPath-UACBypass-BOF
Cobalt Strike beacon object file implementation for trusted path UAC bypass. The target executable will be called without involving "cmd.exe" by using DCOM object.
Detect-Hooks
Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR
CVE-2021-30481
https://nvd.nist.gov/vuln/detail/CVE-2021-30481
Eventlogedit-evtx--Evolution
Remove individual lines from Windows XML Event Log (EVTX) files
BOF-RegSave
Dumping SAM / SECURITY / SYSTEM registry hives with a Beacon Object File
BOF-DLL-Inject
Manual Map DLL injection implemented with Cobalt Strike's Beacon Object Files.