Cyb3r-Monk

Follow

Mehmet E. Cyb3r-Monk

Follow

Cyb3rMonk

421 followers · 26 following

Netherlands
@Cyb3rMonk

Achievements

Achievements

Highlights

Pro

Organizations

Lists (32)

Sort

Adversary Simulation

Adversary simulations

10 repositories

AI-LLM

Promp engineering etc.

27 repositories

Attack Simulation and Automation

Attack simulation, detection engineering, purple teaming. etc.

36 repositories

Blue Team Tools

23 repositories

Data Science

20 repositories

Data Visualization

Interactive dashboarding etc.

DFIR

DFIR and Hunting Tools

Useful tools for threat hunting and DFIR

35 repositories

DFIR: Cloud

Graph

11 repositories

Identity and Cloud

Entra ID, Azure related ttack and defense

Jupyter and Python

Knowledge Repos

LOLBins, query repos, etc.

Lab Environment and Automation

37 repositories

Malware Analysis and YARA

Microsoft Sentinel and Defender

Red Team: Collection

Red Team: Command and Control

18 repositories

Red Team: Credential Access

58 repositories

Red Team: Defense Evasion

95 repositories

Red Team: Discovery

Bloodhound, Kubehound, and other stuff

20 repositories

Red Team: Execution

39 repositories

Red Team: Exfiltration

Red Team: Initial Access

22 repositories

Red Team: Lateral Movement

18 repositories

Red Team: Persistence

Red Team: Privilege Escalation

15 repositories

Red Team: Reconnaissance

Red Team: Resource Development

40 repositories

Red Team Tools

120 repositories

Security Data Science

Training

35 repositories

Stars

72 stars written in C

icyguider / UAC-BOF-Bonanza

Collection of UAC Bypass Techniques Weaponized as BOFs

C 574 71 Updated Feb 21, 2024

RalfHacker / Kerbeus-BOF

BOF for Kerberos abuse (an implementation of some important features of the Rubeus).

C 506 59 Updated Mar 29, 2025

KingOfTheNOPs / cookie-monster

BOF to steal browser cookies & credentials

C 467 40 Updated Nov 3, 2025

Octoberfest7 / MemFiles

A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk

C 466 64 Updated Jul 6, 2024

Cracked5pider / LdrLibraryEx

A small x64 library to load dll's into memory.

C 450 76 Updated Nov 6, 2023

0xEr3bus / PoolPartyBof

A beacon object file implementation of PoolParty Process Injection Technique.

C 421 49 Updated Dec 21, 2023

bytewreck / DumpGuard

Proof-of-Concept tool for extracting NTLMv1 hashes from sessions on modern Windows systems.

C 418 33 Updated Oct 27, 2025

ElliotKillick / LdrLockLiberator

For when DLLMain is the only way

C 408 66 Updated Oct 29, 2024

S3cur3Th1sSh1t / Caro-Kann

Encrypted shellcode Injection to avoid Kernel triggered memory scans

C 396 41 Updated Sep 12, 2023

Octoberfest7 / DropSpawn_BOF

CobaltStrike BOF to spawn Beacons using DLL Application Directory Hijacking

C 284 37 Updated Jun 8, 2023

0xHossam / HuffLoader

Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader.

C 279 40 Updated Apr 6, 2025

gabriellandau / EDRSandblast-GodFault

EDRSandblast-GodFault

C 268 50 Updated Aug 28, 2023

dis0rder0x00 / obex

Obex – Blocking unwanted DLLs in user mode

C 262 35 Updated Sep 18, 2025

VoldeSec / PatchlessInlineExecute-Assembly

Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.

C 260 34 Updated Apr 17, 2023

0xJs / BlockEDRTraffic

Two tools written in C that block network traffic for blacklisted EDR processes, using either Windows Defender Firewall (WDF) or Windows Filtering Platform (WFP).

C 251 34 Updated Sep 23, 2025

mdsecresearch / Publications

A list of published research documents

C 246 53 Updated Jul 10, 2024

loosehose / SilentButDeadly

SilentButDeadly is a network communication blocker specifically designed to neutralize EDR/AV software by preventing their cloud connectivity using Windows Filtering Platform (WFP). This version fo…

C 245 30 Updated Nov 3, 2025

hackvens / CoercedPotato

Forked from Prepouce/CoercedPotato

C 232 28 Updated Nov 13, 2024

cube0x0 / BofRoast

Beacon Object Files for roasting Active Directory

C 232 40 Updated Feb 21, 2022

maxDcb / DreamWalkers

Reflective shellcode loaderwith advanced call stack spoofing and .NET support.

C 219 43 Updated Sep 19, 2025

yo-yo-yo-jbo / dumping_lsass

The different ways to dump lsass

C 195 24 Updated Aug 15, 2025

Paradoxis / ADSyncDump-BOF

The ADSyncDump BOF is a port of Dirk-Jan Mollema's adconnectdump.py / ADSyncDecrypt into a Beacon Object File (BOF) with zero dependencies.

C 163 20 Updated Sep 3, 2025

Mr-Un1k0d3r / Elevate-System-Trusted-BOF

C 161 26 Updated Mar 27, 2023

ewby / Mockingjay_BOF

Cobalt Strike + Brute Ratel C4 Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique

C 156 17 Updated Nov 7, 2023

Nomad0x7 / sekken-enum

adws enumeration bof

C 156 16 Updated Oct 2, 2025

ZephrFish / QoL-BOFs

Curated list of public Beacon Object Files(BOFs) build in as submodules for easy cloning

C 136 14 Updated Apr 26, 2025

xforcered / Being-A-Good-CLR-Host

Forked from passthehashbrowns/Being-A-Good-CLR-Host

C 135 8 Updated Jan 16, 2025

werdhaihai / msi_lateral_mv

Lateral Movement Bof with MSI ODBC Driver Install

C 134 15 Updated Sep 30, 2025

kozmer / aad-bofs

AzureAD beacon object files

C 131 14 Updated Dec 18, 2024

racoten / BetterNetLoader

A version of NetLoader, Execute Assemblies and Bypass ETW and AMSI using Hardware Breakpoints

C 116 12 Updated Jul 11, 2025