nanodump vs Awesome-CobaltStrike

Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

www.influxdata.com

featured

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com

featured

nanodump		Awesome-CobaltStrike
	Project
6	Mentions	3
1,632	Stars	3,810
0.9%	Growth	-
4.9	Activity	6.4
3 days ago	Latest Commit	8 months ago
C	Language
Apache License 2.0	License	-

The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

nanodump

Posts with mentions or reviews of nanodump. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2021-12-19.

nanodump: The swiss army knife of LSASS dumping now supports the PPLMedic exploit meaning you can dump LSASS on an up-to-date system with PPL enabled
1 project | /r/blueteamsec | 30 Apr 2023
add --duplicate-local technique · this allows nanodump to open a handle to LSASS with PROCESS_QUERY_LIMITED_INFORMATION and elevate the handle later this way, we might bypass several detections
1 project | /r/blueteamsec | 2 Sep 2022
Ways to Dump LSASS
1 project | /r/redteamsec | 20 Aug 2022

Excellent writeup. Check out this tool as well, https://github.com/helpsystems/nanodump, it supports cloning existing handles to lsass which is a fun technique for dumping lsass more stealthily. I've seen it work against some modern edrs.
Alan c2 post-exploitation framework v5.0 - All you can in-memory edition
2 projects | /r/redteamsec | 19 Dec 2021

The video shows the execution of the `run` command. In the first part, the nanodump (https://github.com/helpsystems/nanodump) utility is executed in an external process (you can see in the video that at a given point the raserver.exe process is spawned).
GitHub - helpsystems/nanodump: Dumping LSASS has never been so stealthy
1 project | /r/WindowsSecurity | 11 Nov 2021
nanodump - Dumping LSASS using syscalls
1 project | /r/purpleteamsec | 11 Nov 2021

Awesome-CobaltStrike

Posts with mentions or reviews of Awesome-CobaltStrike. We have used some of these posts to build our list of alternatives and similar projects.

zer0yu/Awesome-CobaltStrike
1 project | /r/redteamsec | 28 Dec 2020
Awesome CobaltStrike - List of Awesome CobaltStrike Resources
1 project | /r/blueteamsec | 28 Dec 2020

1 project | /r/purpleteamsec | 27 Dec 2020

What are some alternatives?

When comparing nanodump and Awesome-CobaltStrike you can also consider the following projects:

CS-Situational-Awareness-BOF - Situational Awareness commands implemented using Beacon Object Files

Awesome-CobaltStrike-Defence - Defences against Cobalt Strike

Awesome-Red-Teaming - List of Awesome Red Teaming Resources

Viper - Attack Surface Management & Red Team Simulation Platform 互联网攻击面管理&红队模拟平台

CrossC2 - generate CobaltStrike's cross-platform payload

SharpLAPS - Retrieve LAPS password from LDAP

Dumpert - LSASS memory dumper using direct system calls and API unhooking.

cobaltstrike-headless - Aggressorscript that turns the headless aggressor client into a (mostly) functional cobalt strike client.

amd-ryzen-master-driver-v17-exploit - Cobalt Strike (CS) Beacon Object File (BOF) for kernel exploitation using AMD's Ryzen Master Driver (version 17).

WindowSpy - WindowSpy is a Cobalt Strike Beacon Object File meant for automated and targeted user surveillance.