nanodump
The swiss army knife of LSASS dumping (by fortra)
Awesome-Red-Teaming
List of Awesome Red Teaming Resources (by yeyintminthuhtut)
nanodump | Awesome-Red-Teaming | |
---|---|---|
6 | 8 | |
1,632 | 6,524 | |
1.0% | - | |
4.9 | 0.0 | |
4 days ago | 4 months ago | |
C | ||
Apache License 2.0 | MIT License |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
nanodump
Posts with mentions or reviews of nanodump.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2021-12-19.
- nanodump: The swiss army knife of LSASS dumping now supports the PPLMedic exploit meaning you can dump LSASS on an up-to-date system with PPL enabled
- add --duplicate-local technique ยท this allows nanodump to open a handle to LSASS with PROCESS_QUERY_LIMITED_INFORMATION and elevate the handle later this way, we might bypass several detections
-
Ways to Dump LSASS
Excellent writeup. Check out this tool as well, https://github.com/helpsystems/nanodump, it supports cloning existing handles to lsass which is a fun technique for dumping lsass more stealthily. I've seen it work against some modern edrs.
-
Alan c2 post-exploitation framework v5.0 - All you can in-memory edition
The video shows the execution of the `run` command. In the first part, the nanodump (https://github.com/helpsystems/nanodump) utility is executed in an external process (you can see in the video that at a given point the raserver.exe process is spawned).
- GitHub - helpsystems/nanodump: Dumping LSASS has never been so stealthy
- nanodump - Dumping LSASS using syscalls
Awesome-Red-Teaming
Posts with mentions or reviews of Awesome-Red-Teaming.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-04-04.
- Career growth in cybersecurity
- i'm literally so far behind compared to everyone else!
- Any useful cybersecurity software under $5k?
-
Cybersecurity Repositories
Red Teaming
- Is there a cheat sheet of security tools and a small description of what they're used for?
-
Struggling to decide if I should take a low paying job offer or focus on studying for cybersecurity certificates. Any advice would be much appreciated.
Red Teaming / pen testing -- set up a home lab. Find a resource on the internet about how to learn red teaming and dig in. Example: https://github.com/yeyintminthuhtut/Awesome-Red-Teaming
-
Red Team Equipment for Budget Proposal
For software, pretty much everything you might need to start out is available as open source. Besides the actual testing stuff, don't forget to look at tools to facilitate collaboration + reporting (highly recommend looking at https://github.com/GhostManager/Ghostwriter). Also checkout: https://github.com/yeyintminthuhtut/Awesome-Red-Teaming
-
Looking for a mentor to show me what the industry in like
Pentesting is a tiny fraction of roles out of 10s of thousands and you're not likely to get an entry level gig on a red team but if you are interested in pen-testing check out https://jhalon.github.io/becoming-a-pentester/ and https://github.com/yeyintminthuhtut/Awesome-Red-Teaming
What are some alternatives?
When comparing nanodump and Awesome-Red-Teaming you can also consider the following projects:
CS-Situational-Awareness-BOF - Situational Awareness commands implemented using Beacon Object Files
Starkiller - Starkiller is a Frontend for PowerShell Empire.