[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-1689":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":9,"language":10,"languages":9,"totalLinesOfCode":9,"stars":11,"forks":12,"watchers":13,"openIssues":14,"contributorsCount":14,"subscribersCount":14,"size":14,"stars1d":15,"stars7d":16,"stars30d":17,"stars90d":14,"forks30d":14,"starsTrendScore":17,"compositeScore":18,"rankGlobal":9,"rankLanguage":9,"license":19,"archived":20,"fork":20,"defaultBranch":21,"hasWiki":20,"hasPages":20,"topics":22,"createdAt":9,"pushedAt":9,"updatedAt":23,"readmeContent":24,"aiSummary":25,"trendingCount":14,"starSnapshotCount":14,"syncStatus":16,"lastSyncTime":26,"discoverSource":27},1689,"SilentHarvest_BOF","Octoberfest7\u002FSilentHarvest_BOF","Octoberfest7","A Cobalt Strike BOF implementation of the SilentHarvest registry dumping technique",null,"C",179,12,175,0,1,2,3,3.34,"MIT License",false,"main",[],"2026-06-12 02:00:31","# SilentHarvest BOF\nThis is a BOF implementation of [Furkan Göksel's](https:\u002F\u002Fx.com\u002FR0h1rr1m) [SilentNimvest](https:\u002F\u002Fgithub.com\u002Ffrkngksl\u002FSilentNimvest\u002Ftree\u002Fmain) project, which is in turn based on the [SilentHarvest research](https:\u002F\u002Fsud0ru.ghost.io\u002Fsilent-harvest-extracting-windows-secrets-under-the-radar\u002F) by [Haidar](https:\u002F\u002Fx.com\u002Fhaider_kabibo). It's effectively another registry-only credential dumper, replicating hashdump capabilities as well as retrieving secrets stored in the  HKLM\\SECURITY\\Policy\\Secrets subkeys. Old capabilities with a \"new\" \"sneaky\" way of delivering. Only requires SeBackupPrivilege (e.g. Administrator, doesn't require SYSTEM as it would normally).\n\n# Usage\n![alt text](img\u002Fsilentharvest_out.png)\n\n## Decrypt Recovered Cached Domain Credentials\nStore the returned hashes in a file and then provide it along with your favorite word list to hashcat\n![alt text](img\u002Fhashcat.png)\n\n# Limitations\nThis tool does not implement functionality to enable the SeBackupPrivilege in your Beacon token. That is the responsibility of the operator, either through the getprivs command or by implementing the code.\n\nThis BOF only supports newer (Win 2016 \u002F Win 10 and above) machines which implement AES encryption in their secret keeping. The legacy RC4 mechanism is not currently supported but would make for a great pull request from someone who has the time\u002Fdesire.\n\nThis tool is NOT intended to be a port of, or achieve feature parity with, Mimikatz. There are several complexities\u002Fpossible scenarios that are not implemented, like smart card credential support, that would similarly make great PR's.\n\n# Compilation\nThis tool was written without the use of normal BOF API declarations (e.g. a bofdefs.h file). As outlined in this [blog post](https:\u002F\u002Fblog.cybershenanigans.space\u002Fposts\u002Fwriting-bofs-without-dfr\u002F) by [Matt Ehrnschwender](https:\u002F\u002Fx.com\u002FM_alphaaa), it's possible to use objcopy to patch the proper symbols of format `DLL$API` into the BOF post-compilation. The Makefile for this tool calls objcopy, passing an imports_silentharvestXX.txt file containing the proper symbol replacements which then renders the BOF usable. \n\nI have written a tool called BOFPatcher that automates this process. This allows users to write BOFs as normal C without worrying about cumbersome API declarations:\n\n![alt text](img\u002Fbofpatcher.png)\n\nThis tool is available to those who purchase my [BOF Development and Tradecraft](https:\u002F\u002Ftraining.zeropointsecurity.co.uk\u002Fcourses\u002Fbof-dev-and-tradecraft) course. \n\n# Credits\n1. [Haidar](https:\u002F\u002Fx.com\u002Fhaider_kabibo) for publishing the original SilentHarvest blog post.\n2. [Furkan Göksel's](https:\u002F\u002Fx.com\u002FR0h1rr1m) for his SilentNimvest tool which served as a template when writing this version.\n3. The AdaptixC2 team for their [hashdump implementation](https:\u002F\u002Fgithub.com\u002FAdaptix-Framework\u002FExtension-Kit\u002Fblob\u002Fmain\u002FCreds-BOF\u002Fhashdump\u002Fhashdump.c) which was referenced and utilized\n4. Big shoutout to [Benjamin Delpy](https:\u002F\u002Fx.com\u002Fgentilkiwi) for his work on Mimikatz(https:\u002F\u002Fgithub.com\u002Fgentilkiwi\u002Fmimikatz). It was my first time going through the source code in any serious capacity, and especially remembering that Claude et al. didn't exist all those years ago its just astoundingly impressive what he put together.\n5. [rescatux's chntpw repo.](https:\u002F\u002Fgithub.com\u002Frescatux\u002Fchntpw\u002Ftree\u002Fmaster)\n6. [Journey1's RemoteSamDecrypt repo.](https:\u002F\u002Fgithub.com\u002Fj0urney1\u002FRemoteSamDecrypt\u002Ftree\u002Fmaster)","SilentHarvest_BOF 是一个基于C语言的Cobalt Strike BOF实现，用于执行注册表转储技术。该项目主要功能是从Windows注册表中提取凭证信息，包括哈希值和存储在HKLM\\SECURITY\\Policy\\Secrets子键下的秘密数据，同时仅需要SeBackupPrivilege权限（例如管理员权限），无需系统级权限。其技术特点在于采用了新的、隐蔽的方式进行交付，并且特别适用于较新版本的操作系统（如Windows 2016\u002FWin 10及以上）。此外，通过与hashcat等工具结合使用，可以进一步解密恢复的缓存域凭据。此项目适合于安全研究人员或渗透测试人员，在需要从目标系统中获取敏感信息时采用。","2026-06-11 02:45:26","CREATED_QUERY"]