:cloud: nanostorm

Nanostorm is an EDR evasion tool written in Rust for Windows and Linux binaries that places nanomites in the target executable, and packs and encrypts it.

Badges

Authors

• @melotic -- https://melotic.xyz

Contributing

Contributions are always welcome!

Features

• Toggable ability to encrypt(-e) and compress (-c) the binary, and jump data table
• In memory execution of stub
• Ability to write your own stub, using libnanomite
• No current (as of Oct 2022) AV detections

Usage/Examples

First, compile nanostorm to create nanomite infected binaries. nanostorm requires the installation of Ghidra.

You will need to pass the path of _Ghidra) to nanostorm with -g /path/to/ghidra-root

cargo build --release --bin nanostorm

Next, you'll have to create a binary with nanomites:

./target/release/nanostorm -g /path/to/ghidra a.out

Or, to encrypt and compress the binary and Jump Data Table (recommended, albeit increase in startup time):

./target/release/nanostorm -g /path/to/ghidra -e -c a.out

Next, compile the provided stub with the nanomite binary and its Jump Data table:

NANOSTORM_BIN=a.nanomites NANOSTORM_JDT=a.jdt cargo build --bin stub --release

Roadmap

• Windows support (soon :tm:)