BlueSAM: Stealthy Cobalt Strike BOF Extracts SAM via BlueHammer
BlueSAM is a Cobalt Strike Beacon Object File (BOF) written in C that targets the BlueHammer vulnerability to stealthily extract Windows Security Account Manager (SAM) databases. It mimics Windows Defender updates and Volume Shadow Copy Service behavior, allowing red teams to access credentials without triggering typical defenses monitoring Mimikatz o