{"payload":{"pageCount":2,"repositories":[{"type":"Public","name":"CS-Remote-OPs-BOF","owner":"sliverarmory","isFork":true,"description":"","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":0,"issueCount":0,"starsCount":6,"forksCount":116,"license":"GNU General Public License v2.0","participation":[0,0,0,0,0,0,2,0,0,0,0,2,0,3,0,0,2,2,0,0,0,2,0,1,0,0,0,0,0,1,5,0,0,0,0,1,0,0,5,0,0,0,0,0,0,0,0,0,0,4,1,0],"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2024-06-21T20:06:31.838Z"}},{"type":"Public","name":"HavocFrameworkModules","owner":"sliverarmory","isFork":true,"description":"Modules used by the Havoc Framework","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":0,"issueCount":0,"starsCount":1,"forksCount":58,"license":null,"participation":[1,0,4,2,1,2,0,0,1,0,0,0,2,1,3,1,0,3,1,0,0,3,29,5,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,1,0,0,1,0,0,0],"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2024-06-12T14:56:06.919Z"}},{"type":"Public","name":"C2-Tool-Collection","owner":"sliverarmory","isFork":true,"description":"A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techniques.","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":1,"issueCount":0,"starsCount":5,"forksCount":183,"license":null,"participation":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0],"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2024-06-01T18:18:42.300Z"}},{"type":"Public","name":"mimikatz","owner":"sliverarmory","isFork":true,"description":"A little tool to play with Windows security","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":0,"issueCount":0,"starsCount":1,"forksCount":3615,"license":null,"participation":[0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0],"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2024-05-17T22:17:54.983Z"}},{"type":"Public","name":"python-wasi","owner":"sliverarmory","isFork":true,"description":"Utilities for building CPython for the WASI platform","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":0,"issueCount":0,"starsCount":0,"forksCount":12,"license":"Apache License 2.0","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2024-05-01T15:35:11.717Z"}},{"type":"Public","name":"ThreadlessInject-BOF","owner":"sliverarmory","isFork":true,"description":"BOF implementation of @_EthicalChaos_'s ThreadlessInject project. A novel process injection technique with no thread creation, released at BSides Cymru 2023.","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":0,"issueCount":0,"starsCount":0,"forksCount":50,"license":"MIT License","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2024-04-04T22:59:08.586Z"}},{"type":"Public","name":"BOF-patchit","owner":"sliverarmory","isFork":true,"description":"An all-in-one Cobalt Strike BOF to patch, check and revert AMSI and ETW for x64 process. Both syscalls and dynamic resolve versions are available.","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":0,"issueCount":0,"starsCount":0,"forksCount":19,"license":"Apache License 2.0","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2024-04-04T21:56:02.285Z"}},{"type":"Public","name":"SCShell","owner":"sliverarmory","isFork":true,"description":"Fileless lateral movement tool that relies on ChangeServiceConfigA to run command","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":0,"issueCount":0,"starsCount":1,"forksCount":232,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2024-04-04T21:02:17.264Z"}},{"type":"Public","name":"CS-Situational-Awareness-BOF","owner":"sliverarmory","isFork":true,"description":"Situational Awareness commands implemented using Beacon Object Files","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":1,"issueCount":0,"starsCount":7,"forksCount":207,"license":"GNU General Public License v2.0","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2024-04-02T22:51:27.845Z"}},{"type":"Public","name":"CVE-2024-1086","owner":"sliverarmory","isFork":true,"description":"Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% in KernelCTF images.","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":0,"issueCount":0,"starsCount":2,"forksCount":283,"license":"MIT License","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2024-03-27T09:22:28.302Z"}},{"type":"Public","name":"nanodump","owner":"sliverarmory","isFork":true,"description":"Dump LSASS like you mean it","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":1,"issueCount":0,"starsCount":10,"forksCount":234,"license":"Apache License 2.0","participation":[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2024-06-06T14:26:27.975Z"}},{"type":"Public","name":"HiddenDesktop","owner":"sliverarmory","isFork":true,"description":"HVNC for Cobalt Strike","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":0,"issueCount":0,"starsCount":0,"forksCount":179,"license":"MIT License","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-05-25T21:27:20.733Z"}},{"type":"Public","name":"OperatorsKit","owner":"sliverarmory","isFork":true,"description":"Collection of Beacon Object Files (BOF) for Cobalt Strike","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":0,"issueCount":0,"starsCount":0,"forksCount":67,"license":"MIT License","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-02-09T21:39:54.753Z"}},{"type":"Public","name":"amd-ryzen-master-driver-v17-exploit","owner":"sliverarmory","isFork":true,"description":"Cobalt Strike (CS) Beacon Object File (BOF) for kernel exploitation using AMD's Ryzen Master Driver (version 17).","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":0,"issueCount":0,"starsCount":0,"forksCount":25,"license":"MIT License","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-01-21T14:15:25.060Z"}},{"type":"Public","name":"COFFLoader","owner":"sliverarmory","isFork":true,"description":"","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":0,"issueCount":0,"starsCount":33,"forksCount":70,"license":"Other","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2023-01-16T23:02:20.434Z"}},{"type":"Public","name":"libreflect","owner":"sliverarmory","isFork":false,"description":"","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":0,"issueCount":0,"starsCount":9,"forksCount":1,"license":"BSD 3-Clause \"New\" or \"Revised\" License","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2022-12-02T22:24:35.007Z"}},{"type":"Public","name":"BofRoast","owner":"sliverarmory","isFork":true,"description":"Beacon Object Files for roasting Active Directory","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":0,"issueCount":0,"starsCount":0,"forksCount":38,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2022-08-31T01:52:38.610Z"}},{"type":"Public","name":"KDStab","owner":"sliverarmory","isFork":true,"description":"BOF combination of KillDefender and Backstab","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":0,"issueCount":0,"starsCount":0,"forksCount":38,"license":"MIT License","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2022-06-16T20:34:38.549Z"}},{"type":"Public","name":"InlineExecute-Assembly","owner":"sliverarmory","isFork":true,"description":"InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":0,"issueCount":0,"starsCount":2,"forksCount":113,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2022-06-10T22:04:12.201Z"}},{"type":"Public","name":"BOFs","owner":"sliverarmory","isFork":true,"description":"Collection of Beacon Object Files","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":0,"issueCount":0,"starsCount":0,"forksCount":114,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2022-06-02T03:55:30.217Z"}},{"type":"Public","name":"ServiceMove-BOF","owner":"sliverarmory","isFork":true,"description":"New lateral movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution.","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":0,"issueCount":0,"starsCount":2,"forksCount":46,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2022-06-02T03:03:08.970Z"}},{"type":"Public","name":"secinject","owner":"sliverarmory","isFork":true,"description":"Section Mapping Process Injection (secinject): Cobalt Strike BOF","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":0,"issueCount":0,"starsCount":1,"forksCount":22,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2022-05-04T01:50:22.439Z"}},{"type":"Public","name":"HOLLOW","owner":"sliverarmory","isFork":true,"description":"EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state, inject shellcode, hijack main thread with APC, and execute shellcode","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":0,"issueCount":0,"starsCount":0,"forksCount":56,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2022-05-04T01:02:04.281Z"}},{"type":"Public","name":"unhook-bof","owner":"sliverarmory","isFork":true,"description":"Remove API hooks from a Beacon process.","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":0,"issueCount":0,"starsCount":0,"forksCount":58,"license":"BSD 3-Clause \"New\" or \"Revised\" License","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2022-03-18T17:29:52.849Z"}},{"type":"Public","name":"HandleKatz_BOF","owner":"sliverarmory","isFork":true,"description":"A BOF port of the research of @thefLinkk and <a class=\"user-mention\" data-hovercard-type=\"organization\" data-hovercard-url=\"/orgs/codewhitesec/hovercard\" data-octo-click=\"hovercard-link-click\" data-octo-dimensions=\"link_type:self\" href=\"https://github.com/codewhitesec\">@codewhitesec</a>\n","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":0,"issueCount":0,"starsCount":1,"forksCount":17,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2022-02-25T14:31:45.555Z"}},{"type":"Public","name":"KillDefenderBOF","owner":"sliverarmory","isFork":true,"description":"Beacon Object File PoC implementation of KillDefender","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":0,"issueCount":0,"starsCount":1,"forksCount":30,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2022-02-08T15:06:35.491Z"}},{"type":"Public","name":"CredManBOF","owner":"sliverarmory","isFork":true,"description":"","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":1,"issueCount":0,"starsCount":3,"forksCount":20,"license":"GNU General Public License v2.0","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2024-06-25T17:52:44.011Z"}},{"type":"Public","name":"injectAmsiBypass","owner":"sliverarmory","isFork":true,"description":"Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":0,"issueCount":0,"starsCount":48,"forksCount":68,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2021-12-31T16:28:10.047Z"}},{"type":"Public","name":"injectEtwBypass","owner":"sliverarmory","isFork":true,"description":"CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":0,"issueCount":0,"starsCount":30,"forksCount":55,"license":"GNU General Public License v2.0","participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2021-12-31T16:26:54.895Z"}},{"type":"Public","name":"FindObjects-BOF","owner":"sliverarmory","isFork":true,"description":"A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or process handles.","allTopics":[],"primaryLanguage":{"name":"C","color":"#555555"},"pullRequestCount":0,"issueCount":0,"starsCount":0,"forksCount":47,"license":null,"participation":null,"lastUpdated":{"hasBeenPushedTo":true,"timestamp":"2021-12-30T20:11:10.641Z"}}],"repositoryCount":31,"userInfo":null,"searchable":true,"definitions":[],"typeFilters":[{"id":"all","text":"All"},{"id":"public","text":"Public"},{"id":"source","text":"Sources"},{"id":"fork","text":"Forks"},{"id":"archived","text":"Archived"},{"id":"template","text":"Templates"}],"compactMode":false},"title":"sliverarmory repositories"}