Meowmycks / trustme

BOF to impersonate TrustedInstaller via DISM API trigger and thread impersonation

69% credibility
Found Mar 27, 2026 at 35 stars
AI Analysis
C
AI Summary

A lightweight utility for security testers to temporarily gain TrustedInstaller-level privileges on Windows systems from an admin context.

How It Works

1. 🔍 Discover TrustMe

You stumble upon TrustMe, a smart helper for security testers wanting higher access on Windows during safety checks.

2. 📥 Grab the files

You download the simple files and place them with your security testing setup.

3. ⚙️ Get into admin mode

You start a test session with everyday admin powers on the target computer.

4. 🚀 Boost your powers

You activate TrustMe, and it quietly borrows super-user abilities from a background Windows helper service.

5. ✅ See it working

You confirm the switch worked and now have the highest level of access.

🎉 Unlock protected areas

Now you can safely test and tweak locked files or settings, feeling empowered, then easily go back to normal.

AI-Generated Review

What is trustme?

trustme is a C-language Beacon Object File (BOF) for Cobalt Strike that elevates an admin-level Beacon to NT AUTHORITY\SYSTEM with the NT SERVICE\TrustedInstaller SID in its token groups. It solves the problem of accessing files, registry keys, and objects owned by TrustedInstaller (resources that even plain SYSTEM can't touch), letting you modify protected system resources directly from your Beacon session. Run "trustme" in an elevated x64 Beacon, verify with "whoami /groups", and revert via "rev2self"; it's a staple in BOF collections and Cobalt Strike BOF repos on GitHub.

Why is it gaining traction?

Unlike "sc start TrustedInstaller", which lights up Service Control Manager logs for defenders, trustme triggers via DISM API for a quieter pivot. Users notice the seamless token application to the Beacon session, with no process injection or noisy spawns, and it fits right into BOF template workflows alongside whoami or SOCKS BOF tools. The hook? Reliable TrustedInstaller impersonation that persists for ls, shell, and uploads, standing out from more basic BOF alternatives.

Who should use this?

Red teamers wielding Cobalt Strike Beacons during Windows pentests, especially when tampering with TrustedInstaller-owned components like critical updates or system hives. Also engagement operators who need an addition to their BOF collection, beyond keylogger or SQL BOFs, for high-privilege post-exploitation. Skip if you're not in offensive security ops.

Verdict

Grab it if Cobalt Strike elevation is your jam—docs are crisp with build steps and usage, making it dead simple despite 35 stars. Low 0.699999988079071% credibility score flags niche maturity, so lab-test before prod runs.
