| | nanodump | CS-Situational-Awareness-BOF |
|---|---|---|
| Mentions | 6 | 2 |
| Stars | 1,632 | 1,128 |
| Growth | 0.9% | 1.7% |
| Activity | 4.9 | 7.0 |
| Latest commit | 4 days ago | 21 days ago |
| Language | C | C |
| License | Apache License 2.0 | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
nanodump
- nanodump: The swiss army knife of LSASS dumping now supports the PPLMedic exploit, meaning you can dump LSASS on an up-to-date system with PPL enabled
- add --duplicate-local technique · this allows nanodump to open a handle to LSASS with PROCESS_QUERY_LIMITED_INFORMATION and elevate the handle later. This way, we might bypass several detections
Ways to Dump LSASS
Excellent writeup. Check out this tool as well, https://github.com/helpsystems/nanodump, it supports cloning existing handles to lsass which is a fun technique for dumping lsass more stealthily. I've seen it work against some modern edrs.
Alan c2 post-exploitation framework v5.0 - All you can in-memory edition
The video shows the execution of the `run` command. In the first part, the nanodump (https://github.com/helpsystems/nanodump) utility is executed in an external process (you can see in the video that at a given point the raserver.exe process is spawned).
- GitHub - helpsystems/nanodump: Dumping LSASS has never been so stealthy
- nanodump - Dumping LSASS using syscalls
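The two mentions above about opening LSASS with a low-rights handle and elevating or cloning it later (the `--duplicate-local` note and the "cloning existing handles" comment) describe an evasion of detections keyed on the access mask of the initial open. The script below is an added example written for this page, not nanodump's code and not the page authors' code: it triages constructed process-access records (modelled on the fields of Sysmon Event ID 10, flattened to `key=value` lines for the example) with two rules, a common mask-only rule and a stricter source-image rule. The allowlist of images expected to touch LSASS is hypothetical and must be tuned per environment; whether a later `DuplicateHandle` that upgrades the rights shows up as its own event depends on the sensor, so the safer rule does not rely on the mask at all.

```python
"""Added example (not nanodump's or the page's code): compare a mask-based
and a source-based rule over constructed LSASS handle-open records.

The records mimic the SourceImage / TargetImage / GrantedAccess fields of
Sysmon Event ID 10 (ProcessAccess), flattened to key=value lines; they are
fabricated for this example, not captured telemetry.
"""
import re

# Windows process access rights (standard values from winnt.h).
PROCESS_VM_READ = 0x0010
PROCESS_QUERY_INFORMATION = 0x0400
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000

# Bits a MiniDumpWriteDump-style read of LSASS memory needs.
DUMP_BITS = PROCESS_VM_READ | PROCESS_QUERY_INFORMATION  # 0x0410

# Hypothetical allowlist of images expected to open LSASS on a typical host.
ALLOWLIST = {
    r"c:\windows\system32\svchost.exe",
    r"c:\windows\system32\wininit.exe",
    r"c:\windows\system32\csrss.exe",
}

# Constructed sample records (not real Sysmon output).
SAMPLE_EVENTS = [
    r"EventID=10 SourceImage=C:\Windows\System32\svchost.exe TargetImage=C:\Windows\System32\lsass.exe GrantedAccess=0x1000",
    r"EventID=10 SourceImage=C:\Users\bob\dumper.exe TargetImage=C:\Windows\System32\lsass.exe GrantedAccess=0x1410",
    r"EventID=10 SourceImage=C:\Users\bob\dumper.exe TargetImage=C:\Windows\System32\lsass.exe GrantedAccess=0x1000",
    r"EventID=10 SourceImage=C:\Users\bob\dumper.exe TargetImage=C:\Windows\System32\notepad.exe GrantedAccess=0x1fffff",
]

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_event(line: str) -> dict:
    """Split one flattened record into a dict; GrantedAccess becomes an int."""
    ev = dict(FIELD_RE.findall(line))
    ev["GrantedAccess"] = int(ev.get("GrantedAccess", "0x0"), 16)
    return ev


def targets_lsass(ev: dict) -> bool:
    return ev.get("TargetImage", "").lower().endswith(r"\lsass.exe")


def mask_rule(ev: dict) -> bool:
    """Mask-only rule: alert when the granted access already carries the
    bits needed to read LSASS memory. A 0x1000 open never trips it."""
    return targets_lsass(ev) and (ev["GrantedAccess"] & DUMP_BITS) == DUMP_BITS


def source_rule(ev: dict) -> bool:
    """Source-based rule: any LSASS handle from an image outside the
    allowlist is suspicious whatever the mask, since a low-rights handle
    can be duplicated into a higher-rights one after the open was logged."""
    src = ev.get("SourceImage", "").lower()
    return targets_lsass(ev) and src not in ALLOWLIST


def triage(lines):
    """Return (mask_rule hits, source_rule hits) as (SourceImage, mask) tuples."""
    mask_hits, source_hits = [], []
    for line in lines:
        ev = parse_event(line)
        if mask_rule(ev):
            mask_hits.append((ev["SourceImage"], ev["GrantedAccess"]))
        if source_rule(ev):
            source_hits.append((ev["SourceImage"], ev["GrantedAccess"]))
    return mask_hits, source_hits


if __name__ == "__main__":
    mask_hits, source_hits = triage(SAMPLE_EVENTS)
    print("mask rule  :", [(s, hex(m)) for s, m in mask_hits])
    print("source rule:", [(s, hex(m)) for s, m in source_hits])
```

On the sample data the mask rule fires only on the 0x1410 open and misses the 0x1000 open from the same unexpected image, which is exactly the handle the duplicate-local technique starts from; the source rule catches both while leaving the allowlisted svchost.exe open alone.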
CS-Situational-Awareness-BOF
What are some alternatives?
Awesome-Red-Teaming - List of Awesome Red Teaming Resources
Git - Git Source Code Mirror - This is a publish-only repository but pull requests can be turned into patches to the mailing list via GitGitGadget (https://gitgitgadget.github.io/). Please follow Documentation/SubmittingPatches procedure for any of your improvements.
CrossC2 - generate CobaltStrike's cross-platform payload
libcurl - A command line tool and library for transferring data with URL syntax, supporting DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET, TFTP, WS and WSS. libcurl offers a myriad of powerful features
Awesome-CobaltStrike - List of Awesome CobaltStrike Resources
obs-studio - OBS Studio - Free and open source software for live streaming and screen recording
Dumpert - LSASS memory dumper using direct system calls and API unhooking.
amd-ryzen-master-driver-v17-exploit - Cobalt Strike (CS) Beacon Object File (BOF) for kernel exploitation using AMD's Ryzen Master Driver (version 17).
WindowSpy - WindowSpy is a Cobalt Strike Beacon Object File meant for automated and targeted user surveillance.