Octoberfest7

A Cobalt Strike BOF implementation of the SilentHarvest registry dumping technique

69% credibility
Found Apr 14, 2026 at 49 stars.
AI Analysis
C
AI Summary

SilentHarvest is a specialized tool for security testers that extracts password hashes from local accounts, machine credentials, and LSA secrets stored in Windows registry without needing full system control.

How It Works

1. 🔍 Discover the tool

You learn about SilentHarvest from security blogs or forums, a clever way for testers to uncover hidden passwords on Windows machines.

2. 📥 Get it ready

You grab the files and set everything up in your testing setup so it's prepared to use.

3. 🔓 Unlock the secrets

With admin access on the test computer, you run the tool and it quietly finds and shows password codes and hidden info from the system's storage.

4. 📋 Review the findings

You see a clear list of usernames with their password hashes, service logins, and other sensitive details ready for analysis.

5. Choose next step

- 🔨 Crack passwords: Save the codes and use a cracking program to try guessing the real passwords.
- 📊 Analyze security: Examine the info to understand risks and make the system stronger.

Mission complete

You've successfully extracted and reviewed the hidden credentials, helping improve security on the test machine.

AI-Generated Review

What is SilentHarvest_BOF?

SilentHarvest_BOF is a C-language Beacon Object File (BOF) for Cobalt Strike beacons that dumps Windows credentials directly from the registry using just SeBackupPrivilege—admin rights suffice, no SYSTEM needed. It pulls SAM hashes, LSA secrets from HKLM\SECURITY\Policy\Secrets, and cached domain logons, spitting out hashcat-compatible output for LM/NT cracks and service account passwords. Targets Win10/2016+ with AES encryption, solving stealthy cred access in tight EDR environments.

Why is it gaining traction?

Unlike full Mimikatz ports, it stays registry-bound for lower detection risk, works with Cobalt Strike 4.11/4.12 DNS beacons or sleep masks, and auto-formats its output for hashcat; it is downloaded from GitHub and loaded into your C2. The SeBackupPrivilege hook beats priv-esc hassles, drawing red teamers who tweak Cobalt Strike profiles for BOF payloads.

Who should use this?

Red team operators running Cobalt Strike C2 who need quick SAM/LSA dumps during beacon callbacks on domain controllers or workstations. Pentesters targeting cached creds on domain-joined boxes without alerting via LSASS reads. Cobalt Strike documentation readers building custom BOF chains for post-exploitation.

Verdict

Grab it if you're deep in Cobalt Strike workflows—49 stars and strong README make it usable now, but 0.699999988079071% credibility score means it's early-stage; lacks RC4 and edge-case coverage, so validate in labs first.
