☁️ nanostorm

Nanostorm is an EDR evasion tool written in Rust for Windows and Linux binaries that places nanomites in the target executable, and packs and encrypts it.

Badges

GitHub Workflow Status GPLv3 License

Authors

Contributing

Contributions are always welcome!

Features

  • Toggleable options to encrypt (-e) and compress (-c) the binary and the Jump Data Table
  • In memory execution of stub
  • Ability to write your own stub, using libnanomite
  • No current (as of Oct 2022) AV detections

Usage/Examples

First, compile nanostorm to create nanomite-infected binaries. nanostorm requires the installation of Ghidra.

You will need to pass the path of Ghidra to nanostorm with -g /path/to/ghidra-root

cargo build --release --bin nanostorm

Next, you'll have to create a binary with nanomites:

./target/release/nanostorm -g /path/to/ghidra a.out

Or, to encrypt and compress the binary and Jump Data Table (recommended, albeit with an increase in startup time):

./target/release/nanostorm -g /path/to/ghidra -e -c a.out

Next, compile the provided stub with the nanomite binary and its Jump Data Table:

NANOSTORM_BIN=a.nanomites NANOSTORM_JDT=a.jdt cargo build --bin stub --release

Roadmap

  • Windows support (soon ™️)