BOFs
Beacon Object Files (BOFs) for Cobalt Strike and Havoc C2. Implementations of Active Directory attacks and post-exploitation techniques.
Install / Use
/learn @RayRRT/BOFs
Note: This code was developed using my knowledge of Windows internals, Kerberos, and Active Directory, with assistance from Claude Code. It is the researcher's responsibility to understand and improve the code according to their needs.
Offensive BOFs
| BOF | Description | Attack Chain |
|-----|-------------|--------------|
| Token2Cert | ESC1 via token impersonation | Token theft → ESC1 cert request → PKINIT → UnPAC-the-hash |
| ESC1-unPAC | ADCS ESC1 exploitation | ESC1 → PKINIT → UnPAC-the-hash |
| ShadowCreds-unPAC-BOF | Shadow Credentials attack | Write target msDS-KeyCredentialLink → PKINIT → UnPAC-the-hash → Clear target msDS-KeyCredentialLink |
| IHxExec-BOF | Cross-session command execution | IHxHelpPaneServer COM hijacking |
Learning BOFs
| BOF | Description |
|-----|-------------|
| CustomBOFs | Basic enumeration BOFs for learning purposes (whoami, LDAP queries, share finder, ESC1 finder) |
Credits: References to the original researchers and community projects are included in each BOF's README.
