m4ul3r
Make sure that you increase the amount of open file descriptors https://djangoadventures.com/how-to-increase-the-open-files-limit-on-ubuntu/
You need to adjust your `ulimit`: https://stackoverflow.com/questions/39537731/errno-24-too-many-open-files-but-i-am-not-opening-files
https://blog.zweinoch.de/posts/nim-hide-nimmain-in-dll/
@foxoman I enjoyed reading your write-up about hiding NimMain with a def file. I have an alternative solution here: https://github.com/us-cyber-team/nim_for_hackers2/blob/main/dll_example/strip_NimMain.nim and on slide 48 of the pdf in the repo....
A more permanent solution is to modify the Nim compiler and force NimMain to always be `N_LIB_PRIVATE` for WinDlls https://github.com/nim-lang/Nim/blob/47594eb9091e788e672c1020f18d84a54bdcbf37/compiler/cgen.nim#L1610
@shrek3n @itaymigdal I just noticed this. I recently ported all of the variants over to Nim on my repo: https://github.com/m4ul3r/malware/tree/main/nim/thread_pool_injection I can get around to porting it over to nimless...
Will have to clean up quite a few things, but it should be possible. Edit: I have it cleaned up and will work on pushing an example for it...
@itaymigdal I can give a shot at remote stomping for poolparty technique when I get a chance. I'm sure you saw my port of it; I think it's pretty robust...
@itaymigdal port of pool party here: https://github.com/m4ul3r/malware/tree/main/nim/thread_pool_injection I followed Uriens code and it's very abstracted to just import nimpool and the type of variant to call. When you mentioned remote...
@itaymigdal I'm not sure if this is what you had in mind or not, but I've thrown one together (copy and paste) https://github.com/m4ul3r/malware/blob/main/nim/thread_pool_injection/examples/remote_function_stomping.nim I think my Twitter DMs were closed...