[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-1878":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":9,"language":10,"languages":9,"totalLinesOfCode":9,"stars":11,"forks":12,"watchers":13,"openIssues":14,"contributorsCount":15,"subscribersCount":15,"size":15,"stars1d":14,"stars7d":16,"stars30d":17,"stars90d":15,"forks30d":15,"starsTrendScore":18,"compositeScore":19,"rankGlobal":9,"rankLanguage":9,"license":20,"archived":21,"fork":21,"defaultBranch":22,"hasWiki":23,"hasPages":21,"topics":24,"createdAt":9,"pushedAt":9,"updatedAt":25,"readmeContent":26,"aiSummary":27,"trendingCount":15,"starSnapshotCount":15,"syncStatus":28,"lastSyncTime":29,"discoverSource":30},1878,"BlueSAM","incursi0n\u002FBlueSAM","incursi0n","A Cobalt Strike Beacon Object File that exploits the BlueHammer vulnerability that to obtain a copy of the SAM database.",null,"C",161,25,150,1,0,4,8,3,4.24,"MIT License",false,"main",true,[],"2026-06-12 02:00:34","# BlueSAM BOF\nA Cobalt Strike Beacon Object File adaptation of BlueHammer that attempts to obtain\na copy of the SAM database through Windows Defender update\u002FVSS behavior and\nprocess offline registry data from Beacon.\n\nCredits to Nightmare-Eclipse's BlueHammer\n(https:\u002F\u002Fgithub.com\u002FNightmare-Eclipse\u002FBlueHammer) for the original PoC.\n\n## To start\n1. Git clone the repo\n2. Run `make`\n\n## Usage\n1. Import the bluesam.cna script into Cobalt Strike\n2. Use the command `bluesam`\n\n```\nbluesam\nCommand         Description\n(none)          Runs the BlueSAM BOF with the default target behavior.\nany argument    Shows this help menu.\n```\n## Sample run\n\u003Cimg width=\"1165\" height=\"702\" alt=\"image\" src=\"https:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002Fe1eaf4ea-61f0-4752-a023-6f1e027bd6f3\" \u002F>\n\n## Credits:\n- https:\u002F\u002Fgithub.com\u002FNightmare-Eclipse\u002FBlueHammer\n- https:\u002F\u002Fgithub.com\u002FMEhrn00\u002Fboflink\n- https:\u002F\u002Fgithub.com\u002Ftrustedsec\u002FCS-Situational-Awareness-BOF\u002Ftree\u002Fmaster\u002Fsrc\u002Fbase_template\n- https:\u002F\u002Fgithub.com\u002FCodeXTF2\u002Fbof_template\n","BlueSAM 是一个基于Cobalt Strike Beacon Object File的工具，旨在利用BlueHammer漏洞获取SAM数据库副本。它通过模仿Windows Defender更新\u002FVSS行为来提取离线注册表数据，并在Beacon中处理这些数据。该工具适用于需要进行渗透测试和安全评估的场景，特别是当目标系统可能存在BlueHammer漏洞时。使用前需先克隆项目并编译源码，然后将bluesam.cna脚本导入Cobalt Strike中运行。此项目遵循MIT许可证，已获得156个星标及24次分叉，表明其在特定安全研究社区中的受欢迎程度。",2,"2026-06-11 02:46:35","CREATED_QUERY"]