| | nanodump | Awesome-CobaltStrike |
|---|---|---|
| Mentions | 6 | 3 |
| Stars | 1,632 | 3,810 |
| Growth | 0.9% | - |
| Activity | 4.9 | 6.4 |
| Latest commit | 3 days ago | 8 months ago |
| Language | C | - |
| License | Apache License 2.0 | - |
- Stars: the number of stars that a project has on GitHub.
- Growth: month-over-month growth in stars.
- Activity: a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones. For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
nanodump
- nanodump: The Swiss army knife of LSASS dumping now supports the PPLMedic exploit, meaning you can dump LSASS on an up-to-date system with PPL enabled
- add --duplicate-local technique · This allows nanodump to open a handle to LSASS with PROCESS_QUERY_LIMITED_INFORMATION and elevate the handle later. This way, we might bypass several detections
Ways to Dump LSASS
Excellent write-up. Check out this tool as well, https://github.com/helpsystems/nanodump; it supports cloning existing handles to lsass, which is a fun technique for dumping lsass more stealthily. I've seen it work against some modern EDRs.
Alan c2 post-exploitation framework v5.0 - All you can in-memory edition
The video shows the execution of the `run` command. In the first part, the nanodump (https://github.com/helpsystems/nanodump) utility is executed in an external process (you can see in the video that at a given point the raserver.exe process is spawned).
- GitHub - helpsystems/nanodump: Dumping LSASS has never been so stealthy
- nanodump - Dumping LSASS using syscalls
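The --duplicate-local item above describes why the order of operations matters for detection: the initial OpenProcess on LSASS requests only PROCESS_QUERY_LIMITED_INFORMATION (0x1000), which carries no PROCESS_VM_READ bit, and the handle is only later duplicated into one with full access. The following is an added example, not code from nanodump or any of the linked posts, that runs two detection rules over constructed handle-telemetry records (field names modelled loosely on Sysmon Event ID 10; the records, the image paths and the assumption that the sensor also reports handle-duplicate operations are all constructed for illustration). It shows that a rule keyed only on the access mask of the handle-create operation stays silent on the duplicate-local sequence, while a rule that also inspects duplicate operations catches the elevated handle.

```python
"""Access-mask checks for LSASS handle telemetry (added example).

The events below are constructed for illustration; they are not real logs.
"""
from dataclasses import dataclass
from typing import List

# Process access rights from winnt.h
PROCESS_VM_READ = 0x0010
PROCESS_DUP_HANDLE = 0x0040
PROCESS_QUERY_INFORMATION = 0x0400
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
PROCESS_ALL_ACCESS = 0x1FFFFF

# Reading another process's memory requires PROCESS_VM_READ; MiniDumpWriteDump
# also needs PROCESS_QUERY_INFORMATION. A handle without VM_READ cannot dump.
DUMP_CAPABLE_BITS = PROCESS_VM_READ


@dataclass
class HandleEvent:
    operation: str        # "create" (OpenProcess) or "duplicate" (DuplicateHandle)
    source_image: str     # process that obtained the handle
    target_image: str     # process the handle refers to
    granted_access: int   # access mask granted on the handle


def is_lsass(image: str) -> bool:
    return image.lower().endswith("\\lsass.exe")


def describe_access(mask: int) -> List[str]:
    """Name the rights in a mask that matter for a memory dump."""
    names = {
        PROCESS_VM_READ: "PROCESS_VM_READ",
        PROCESS_DUP_HANDLE: "PROCESS_DUP_HANDLE",
        PROCESS_QUERY_INFORMATION: "PROCESS_QUERY_INFORMATION",
        PROCESS_QUERY_LIMITED_INFORMATION: "PROCESS_QUERY_LIMITED_INFORMATION",
    }
    return [name for bit, name in names.items() if mask & bit]


def flag_create_only(events: List[HandleEvent]) -> List[int]:
    """Rule A: alert on handle *creation* against lsass with a dump-capable mask.

    This is the common shape of an LSASS-access rule. It never sees a
    duplicated handle, so a 0x1000 open followed by an elevating duplicate
    passes unnoticed.
    """
    return [
        i for i, e in enumerate(events)
        if e.operation == "create"
        and is_lsass(e.target_image)
        and e.granted_access & DUMP_CAPABLE_BITS
    ]


def flag_any_operation(events: List[HandleEvent]) -> List[int]:
    """Rule B: alert on *any* handle operation (create or duplicate) that yields
    a dump-capable handle to lsass. Assumes the sensor records duplicates,
    which kernel object callbacks can report but not every product consumes.
    """
    return [
        i for i, e in enumerate(events)
        if is_lsass(e.target_image) and e.granted_access & DUMP_CAPABLE_BITS
    ]


LSASS = r"C:\Windows\system32\lsass.exe"

# Constructed sample: a classic direct dump, a benign query, and the
# two-step duplicate-local sequence (hypothetical tool paths).
CONSTRUCTED_EVENTS = [
    HandleEvent("create", r"C:\Tools\dumper.exe", LSASS, 0x1410),
    HandleEvent("create", r"C:\Windows\system32\svchost.exe", LSASS, 0x1000),
    HandleEvent("create", r"C:\Tools\nd.exe", LSASS, PROCESS_QUERY_LIMITED_INFORMATION),
    HandleEvent("duplicate", r"C:\Tools\nd.exe", LSASS, PROCESS_ALL_ACCESS),
]


if __name__ == "__main__":
    for i, e in enumerate(CONSTRUCTED_EVENTS):
        print(i, e.operation, e.source_image, hex(e.granted_access),
              describe_access(e.granted_access))
    print("rule A (create only):", flag_create_only(CONSTRUCTED_EVENTS))
    print("rule B (any operation):", flag_any_operation(CONSTRUCTED_EVENTS))
```

Rule A fires only on the direct 0x1410 open (event 0); the duplicate-local pair (events 2 and 3) produces a 0x1000 create that no mask rule should flag, so the elevated handle is only visible to rule B, on the duplicate record. In practice this means an LSASS-access detection that ignores handle duplication, or a sensor that never receives duplicate operations at all, has a blind spot that this technique targets.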
Awesome-CobaltStrike
What are some alternatives?
CS-Situational-Awareness-BOF - Situational Awareness commands implemented using Beacon Object Files
Awesome-CobaltStrike-Defence - Defences against Cobalt Strike
Awesome-Red-Teaming - List of Awesome Red Teaming Resources
Viper - Attack Surface Management & Red Team Simulation Platform (Internet attack surface management & red team simulation platform)
CrossC2 - generate CobaltStrike's cross-platform payload
SharpLAPS - Retrieve LAPS password from LDAP
Dumpert - LSASS memory dumper using direct system calls and API unhooking.
cobaltstrike-headless - Aggressorscript that turns the headless aggressor client into a (mostly) functional cobalt strike client.
amd-ryzen-master-driver-v17-exploit - Cobalt Strike (CS) Beacon Object File (BOF) for kernel exploitation using AMD's Ryzen Master Driver (version 17).
WindowSpy - WindowSpy is a Cobalt Strike Beacon Object File meant for automated and targeted user surveillance.