As usual, always test on a controlled environment first. Running powershell "inthread" twice will unfortunately result in a crash due to the thread name being set twice.- -

The change is pretty simple but I still think it's interesting. Available under --inthread, obviously not compatible with --timeout so be careful what you run.

After a bit of trickery (inline-assembly and stack pivoting), No-Consolation can now run a PE within the main thread, meaning no new threads are created.

This is still a bit experimental so use with caution, DLLs that use the Thread Local Storage are not supported. Have fun!.

Running mimikatz with --load-all-dependencies results in more than 250 (!) DLLs being custom loaded. Everything is offloaded automatically once execution is over.

With NoConsolation you can now custom load all the dependencies from the PE you are going to execute, ensuring no image load events!.

Many thanks to @_batsec_ for his work on DarkLoadLibrary! This feature would not exist without it.

🔥 Finally added support for linking the PE to the PEB on NoConsolation (under --link-to-peb).I also included some fixes and QoL improvements :^).

It basically boils down to registering the PE's exception directory on the inverted function table list, using a custom implementation of ntdll!RtlpInsertInvertedFunctionTableEntry.

Just added support for C++ exceptions to No-Consolation, it is still experimental but has been interesting playing with it so far.

Got some free time and added a requested feature to NoConsolation. Now binaries are automatically encrypted and stored in memory, so they don't need to be sent each time. Have fun!.

Many thanks to @Octoberfest73 for the original research. Direct link to the tool, named No-Consolation:.

🔥 New blogpost 🔥.Running PEs inline without a console. You now can, for example, run PowerShell in CobaltStrike and obtain its output without spawning any process (including conhost.exe).

RT @icyguider: I just got fired from my job today without warning. 😬 Really crazy. Anyway. If anyone is looking for a pentester, red team….

RT @C5pider: The Havoc Framework 0.6 Hierophant Green. - stack duplication.- refactored/rewrote indirect syscalls.- proxy library loading.-….

RT @BlueSpaceSec: Ya mandaste tu charla para el #BlueSpace2023 de esta @ekoparty? A qué estás esperando? Dejanos tu propuesta de charla, mi….

Added support for the clang compiler to nanodump. For those doing compile time obfuscation 🙂.

Needless to say, all the credit goes to @itm4n for this incredible work and research.

Also, several improvements where made to the SSP module, which should be a lot easier to use now.

🔥 Big update!.Nanodump now supports the PPLMedic exploit!.meaning you can dump LSASS on an up-to-date system with PPL enabled 😃.