Bantam is a lightweight post-exploitation utility written in C# that includes advanced payload generation and obfuscation. Instead of relying on outdated exploits or noisy service abuse, Bantam gives you precision control over process privileges, allowing you to disable security checks, escalate access, or evade defences with surgical focus.
Privilege escalation on Windows often feels like a game of chance—either there’s a juicy misconfig or you’re scraping the bottom of whoami /priv for scraps. That’s where Bantam comes in.
Developed by @gellin, it’s ideal for red teamers, post-exploitation operators, or anyone who wants more firepower than SeDebugPrivilege and less noise than Mimikatz.
What Is Bantam?
Bantam is a Windows token privilege management tool that allows an attacker to view, manipulate, and abuse user rights assigned to a process token.
With the right privileges already available (often overlooked in real-world networks), Bantam can:
- Enable/disable token privileges in the current process
- Spoof token privileges in child processes
- Drop privileges to reduce footprint
- Interact with SYSTEM-level rights under the proper context
This isn’t about injecting DLLs or scraping LSASS—it’s about playing the token game properly.
Key Features
- Privilege Enumeration
Lists all privileges available to the current process/token, including those that are enabled by default. - Privilege Activation
Enables privileges that are present but disabled, likeSeDebugPrivilege,SeImpersonatePrivilege,SeLoadDriverPrivilege, and more. - Silent Process Creation
Spawns child processes with selectively modified privileges, helping evade detection. - Defense Evasion
Drop unnecessary privileges to minimise behavioural signatures. - No External Dependencies
Just a single Windows executable (compiled from C) with a minimal footprint.
Why It Matters
Most Windows systems grant local administrators or service accounts high-value privileges, even if they don’t run as SYSTEM.
By enumerating and enabling those privileges, you can:
- Bypass UAC
- Load drivers
- Interact with processes across sessions
- Persist without writing to disk
- Evade userland AV and EDR hooks by removing suspicious privileges before payload execution.
Bantam is extremely valuable for quiet privilege escalation, persistence, or post-exploitation pivoting.
Final Thoughts
Bantam doesn’t exploit—it enables.
It’s built for operators who understand that many post-exploitation wins come not from zero-days, but from knowing how Windows handles access.
For security researchers, red teamers, and stealthy intruders, Bantam is a precision tool in a world full of blunt-force scripts.
You’re not going to dump creds with it. You’ll slip past detection, escalate rights, and stay invisible—because you know precisely which token to play.
You can download Bantam or read more here:
Leave a Reply