Nanostorm is an EDR evasion tool written in Rust for Windows and Linux binaries that places nanomites in the target executable, and packs and encrypts it.
Contributions are always welcome!
- Toggleable ability to encrypt (-e) and compress (-c) the binary and Jump Data Table
- In-memory execution of stub
- Ability to write your own stub, using libnanomite
- No current (as of Oct 2022) AV detections
First, compile nanostorm to create nanomite-infected binaries. nanostorm requires the installation of Ghidra.
You will need to pass the path of Ghidra to nanostorm with -g /path/to/ghidra-root

cargo build --release --bin nanostorm

Next, you'll have to create a binary with nanomites:

./target/release/nanostorm -g /path/to/ghidra a.out

Or, to encrypt and compress the binary and Jump Data Table (recommended, albeit with an increase in startup time):

./target/release/nanostorm -g /path/to/ghidra -e -c a.out

Next, compile the provided stub with the nanomite binary and its Jump Data Table:

NANOSTORM_BIN=a.nanomites NANOSTORM_JDT=a.jdt cargo build --bin stub --release

- Windows support (soon ™️)