NanoDump
Dumping LSASS has never been so stealthy
Features
#dump #lsass #syswhispers
Dumping LSASS has never been so stealthy
Features
• It uses syscalls (with SysWhispers2) for most operationshttps://github.com/helpsystems/nanodump
• You can choose to download the dump without touching disk or write it to a file
• The minidump by default has an invalid signature to avoid detection
• It reduces the size of the dump by ignoring irrelevant DLLs. The (nano)dump tends to be arround 10 MB in size
• You don't need to provide the PID of LSASS
• No calls to dbghelp or any other library are made, all the dump logic is implemented in nanodump
• You can use the .exe version to run nanodump outside of Cobalt Strike
#dump #lsass #syswhispers
InlineWhispers2
Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2
https://github.com/Sh0ckFR/InlineWhispers2
#cobaltstrike #BOF #syswhispers
Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2
https://github.com/Sh0ckFR/InlineWhispers2
#cobaltstrike #BOF #syswhispers
GitHub
GitHub - Sh0ckFR/InlineWhispers2: Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2
Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2 - Sh0ckFR/InlineWhispers2