Skip to content

An (WIP) EDR Evasion tool for x64 Windows & Linux binaries that utilizes Nanomites, written in Rust.

License

Notifications You must be signed in to change notification settings

melotic/nanostorm

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

26 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

☁️ nanostorm

Nanostorm is an EDR evasion tool written in Rust for Windows and Linux binaries that places nanomites in the target executable, and packs and encrypts it.

Badges

GitHub Workflow Status GPLv3 License

Authors

Contributing

Contributions are always welcome!

Features

  • Toggable ability to encrypt(-e) and compress (-c) the binary, and jump data table
  • In memory execution of stub
  • Ability to write your own stub, using libnanomite
  • No current (as of Oct 2022) AV detections

Usage/Examples

First, compile nanostorm to create nanomite infected binaries. nanostorm requires the installation of Ghidra.

You will need to pass the path of _Ghidra) to nanostorm with -g /path/to/ghidra-root

cargo build --release --bin nanostorm

Next, you'll have to create a binary with nanomites:

./target/release/nanostorm -g /path/to/ghidra a.out

Or, to encrypt and compress the binary and Jump Data Table (recommended, albeit increase in startup time):

./target/release/nanostorm -g /path/to/ghidra -e -c a.out

Next, compile the provided stub with the nanomite binary and its Jump Data table:

NANOSTORM_BIN=a.nanomites NANOSTORM_JDT=a.jdt cargo build --bin stub --release

Roadmap

  • Windows support (soon ™️)

About

An (WIP) EDR Evasion tool for x64 Windows & Linux binaries that utilizes Nanomites, written in Rust.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published