amd-ryzen-master-driver-v17-exploit vs nanodump

| | amd-ryzen-master-driver-v17-exploit | nanodump |
|---|---|---|
| Mentions | 1 | 6 |
| Stars | 130 | 1,636 |
| Growth | - | 1.3% |
| Activity | 10.0 | 4.9 |
| Last commit | over 1 year ago | 14 days ago |
| Language | C | C |
| License | MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
amd-ryzen-master-driver-v17-exploit
nanodump
- nanodump: The Swiss Army knife of LSASS dumping now supports the PPLMedic exploit, meaning you can dump LSASS on an up-to-date system with PPL enabled
- add --duplicate-local technique · This allows nanodump to open a handle to LSASS with PROCESS_QUERY_LIMITED_INFORMATION and elevate the handle later. This way, we might bypass several detections.
- Ways to Dump LSASS
  Excellent writeup. Check out this tool as well, https://github.com/helpsystems/nanodump; it supports cloning existing handles to lsass, which is a fun technique for dumping lsass more stealthily. I've seen it work against some modern EDRs.
- Alan c2 post-exploitation framework v5.0 - All you can in-memory edition
  The video shows the execution of the `run` command. In the first part, the nanodump (https://github.com/helpsystems/nanodump) utility is executed in an external process (you can see in the video that at a given point the raserver.exe process is spawned).
- GitHub - helpsystems/nanodump: Dumping LSASS has never been so stealthy
- nanodump - Dumping LSASS using syscalls
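The commit message above describes opening LSASS with PROCESS_QUERY_LIMITED_INFORMATION and raising the handle's access afterwards, and the "Ways to Dump LSASS" comment mentions cloning existing handles. The detection-side consequence is what a defender most wants to see, so here is an added example (not nanodump's code and not from the page) that runs two rules over Sysmon Event ID 10 (ProcessAccess) records. The events are constructed EventData fragments trimmed to the three fields the rules read, and the allowlist of images that legitimately open lsass.exe is an assumption to be tuned per environment. Event 2 models the --duplicate-local pattern: the only open the sensor records carries PROCESS_QUERY_LIMITED_INFORMATION, so a rule keyed on PROCESS_VM_READ in the granted mask never fires, while a rule keyed on the source image fires regardless of mask.

```python
"""Sysmon Event ID 10 (ProcessAccess) records evaluated against two LSASS rules.

Added example; the sample events and the allowlist are constructed for illustration.
"""
import xml.etree.ElementTree as ET

# Process access rights from winnt.h that matter for LSASS dumping.
PROCESS_VM_READ = 0x0010
PROCESS_DUP_HANDLE = 0x0040
PROCESS_QUERY_INFORMATION = 0x0400
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000

RIGHT_NAMES = [
    ("PROCESS_VM_READ", PROCESS_VM_READ),
    ("PROCESS_DUP_HANDLE", PROCESS_DUP_HANDLE),
    ("PROCESS_QUERY_INFORMATION", PROCESS_QUERY_INFORMATION),
    ("PROCESS_QUERY_LIMITED_INFORMATION", PROCESS_QUERY_LIMITED_INFORMATION),
]

# Images that routinely open lsass.exe on a Windows host (assumption; tune per environment).
ALLOWED_SOURCES = {
    r"c:\windows\system32\svchost.exe",
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
}

# Constructed EventData fragments of Sysmon EID 10, trimmed to the fields the rules read.
SAMPLE_EVENTS = [
    # 1. A classic dumper asks for QUERY_INFORMATION|VM_READ (plus QUERY_LIMITED) in the initial open.
    r"""<EventData>
      <Data Name="SourceImage">C:\Tools\dumper.exe</Data>
      <Data Name="TargetImage">C:\Windows\System32\lsass.exe</Data>
      <Data Name="GrantedAccess">0x1410</Data>
    </EventData>""",
    # 2. The --duplicate-local pattern: the initial open asks only for QUERY_LIMITED_INFORMATION;
    #    VM_READ is obtained afterwards by duplicating the handle, so it never appears in this event.
    r"""<EventData>
      <Data Name="SourceImage">C:\Users\bob\AppData\Local\Temp\nd.exe</Data>
      <Data Name="TargetImage">C:\Windows\System32\lsass.exe</Data>
      <Data Name="GrantedAccess">0x1000</Data>
    </EventData>""",
    # 3. Benign: a service host querying lsass with the same limited right.
    r"""<EventData>
      <Data Name="SourceImage">C:\Windows\System32\svchost.exe</Data>
      <Data Name="TargetImage">C:\Windows\System32\lsass.exe</Data>
      <Data Name="GrantedAccess">0x1000</Data>
    </EventData>""",
    # 4. Full access to a process that is not lsass: out of scope for both rules.
    r"""<EventData>
      <Data Name="SourceImage">C:\Tools\dumper.exe</Data>
      <Data Name="TargetImage">C:\Windows\System32\notepad.exe</Data>
      <Data Name="GrantedAccess">0x1FFFFF</Data>
    </EventData>""",
]


def parse_event(xml_text):
    """Return the SourceImage, TargetImage and numeric GrantedAccess of one EID 10 record."""
    root = ET.fromstring(xml_text)
    fields = {d.get("Name"): (d.text or "").strip() for d in root.iter("Data")}
    return {
        "source": fields["SourceImage"],
        "target": fields["TargetImage"],
        "granted": int(fields["GrantedAccess"], 16),
    }


def describe_mask(granted):
    """Names of the tracked rights present in an access mask, lowest bit first."""
    return [name for name, bit in RIGHT_NAMES if granted & bit]


def targets_lsass(event):
    return event["target"].lower().endswith(r"\lsass.exe")


def mask_rule(event):
    """Classic rule: alert when the recorded open of lsass already carries PROCESS_VM_READ."""
    return targets_lsass(event) and bool(event["granted"] & PROCESS_VM_READ)


def allowlist_rule(event):
    """Stricter rule: alert on any handle to lsass from an image not on the allowlist,
    regardless of the access mask, so a QUERY_LIMITED_INFORMATION-only open is still seen."""
    return targets_lsass(event) and event["source"].lower() not in ALLOWED_SOURCES


def evaluate(xml_events):
    """Run both rules over a list of EID 10 records and return one verdict per record."""
    verdicts = []
    for xml_text in xml_events:
        event = parse_event(xml_text)
        verdicts.append({
            "source": event["source"],
            "rights": describe_mask(event["granted"]),
            "mask_rule": mask_rule(event),
            "allowlist_rule": allowlist_rule(event),
        })
    return verdicts


if __name__ == "__main__":
    for v in evaluate(SAMPLE_EVENTS):
        print(f"{v['source']:<45} {','.join(v['rights']) or 'other':<60} "
              f"mask_rule={v['mask_rule']} allowlist_rule={v['allowlist_rule']}")
```

Whether the later handle elevation produces a second ProcessAccess record depends on the sensor, so the allowlist rule deliberately does not rely on it. For the existing-handle cloning variant the comment mentions, the dumper never opens lsass.exe itself: the open the sensor sees is against the process that already holds the lsass handle, with PROCESS_DUP_HANDLE in the mask, so a rule for that case has to key on that process rather than on lsass.exe as the target.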
What are some alternatives?
CrossC2 - generate CobaltStrike's cross-platform payload
CS-Situational-Awareness-BOF - Situational Awareness commands implemented using Beacon Object Files
ScreenshotBOF - An alternative screenshot capability for Cobalt Strike that uses WinAPI and does not perform a fork & run. Screenshot downloaded in memory.
Awesome-Red-Teaming - List of Awesome Red Teaming Resources
WindowSpy - WindowSpy is a Cobalt Strike Beacon Object File meant for automated and targeted user surveillance.
windows-kernel-exploits - A collection of Windows privilege-escalation vulnerabilities
Awesome-CobaltStrike - List of Awesome CobaltStrike Resources
Dumpert - LSASS memory dumper using direct system calls and API unhooking.
bof-launcher - Beacon Object File (BOF) launcher - library for executing BOF files in C/C++/Zig applications