🧠 The ultimate, community-curated resource for Beacon Object Files (BOFs) — tutorials, how-tos, deep dives, and reference materials.
Be the go-to source for everything related to BOFs
- Help both Red and Blue Teams understand the mechanics of BOFs
- Make BOF development, testing and execution even more accessible
- Find public BOF projects, tools, loaders, research and training
- Set Up Visual Studio for BOF Development
- Set Up VSCode for BOF Development
- Execute BOFs in C2 frameworks
- Running BOFs Asynchronously in Cobalt Strike
- What are BOFs?
- C2 Framework BOF Support
- BOF Internals: Structure, API, Lifecycle
- BOF Loaders and Execution Engines
- Public BOF Repositories Catalog
- BOF and COFF loaders
- C2 Framework BOF Support
- Developer Tooling & Templates
- Blog Posts and Research on BOF Development
- BOF Training Courses
These are articles where changes are appropriate, or not yet written. Hopefully the community would like to contribute to this project by tackling any of these or other ideas for the project.
- Continue expanding the Public BOF Repositories Catalog with new BOFs coming out
- Expand the Public BOF Repositories Catalog with Sliver extensions and BOFs written for Havoc
- Expand Execute BOFs in C2 frameworks with more detail for each C2 framework
- Explanation article about BOF detection strategies
- How-to article demonstrating how to detect BOF execution
- How-to article on intermediate level BOF development
- How-to article on advanced BOF development
- How-to article on writing aggressor scripts for BOF support in CS
- How-to article on writing scripts for BOF support in Sliver and Havoc
- How-to article for developing and running BOF.NET BOFs
Want to update a reference page with new BOFs? Or write a new article? Or make changes?
- Open a pull request
- Follow the structure of the article in the relevant folder (
tutorials/,how-to/, etc.) - Include links, descriptions, and credit where due
- Or, submit an issue with whatever you would like to see changed
This repo thrives on contributions from both red and blue teams in the community. I hope we can apply the structure I have created to add new information as it appears. The entire project is written in markdown, making it easy for anyone to fork, modify and submit pull requests or issues.
Note: I have used AI to help me write and structure some the articles. I have reviewed all the information, but if mistakes have snuck in, its probably this human's fault, rather than AI slop. Again however, issues and pull requests are very welcome to correct any wrong information.
This project follow the approach of the Diátaxis documentation framework. Diátaxis identifies four distinct needs, and four corresponding forms of documentation - tutorials, how-to guides, technical reference and explanation. All articles in this repository if therefore organised around the structures of those needs. This ensures high-quality, easy to discover and use documentation.
- All the awesome BOF and loader developers that publish their BOFs on Github
- The Cobalt Strike team for pushing the direction of BOF development since 2020
- TrustedSec for all their awesome blog posts, BOF collections and training
- Zero-point for their awesome course on BOF development