@Und3rf10w
Und3rf10w / Prestzo_Powerlevel10k_Windows_Terminal.MD
Last active December 31, 2019 13:32
How to Set up Prezto and Powerlevel10k for Kali on Windows Subsystem For Linux

Overview

This guide assumes you already have Windows Terminal Preview installed, Windows Subsystem for Linux activated, and Kali installed. This configuration will likely work for any Debian-based distro, but we're going to use Kali solely as an example.

On your Windows machine

The only thing you need to do is install the "DejaVuSansMonoForPowerline NF" font on your Windows machine. You can grab the zip that contains this font here. You will want to specifically install the font called DejaVu Sans Mono for Powerline Nerd Font Complete Mono Windows Compatible.ttf.

On your Windows Terminal

Open your Kali shell in Windows Terminal. In the tabbed area, click the down arrow and select "Settings". This should open Notepad with the configuration file for Windows Terminal. Scroll down to the section that has your Kali installation and add a new directive with the following line:

@Und3rf10w
Und3rf10w / boostnote_to_obisidan_image_path_fix.py
Last active August 8, 2020 08:22
Very quick and dirty script to fix image paths in boostnote for exporting them to obsidian. You may have to run this multiple times on the same file until you no longer get FileNotFoundErrors
import re
import argparse
from shutil import copyfile
boostnote_attachment_base_dir = "/path/to/Boostnote/attachments/"
obsidian_note_attachment_dir = "/path/to/obsidian/notes/attachments/dir"
orig_image_dir = "/path/where/original/boostnote/photos/are/stored"
parser = argparse.ArgumentParser()
required_args = parser.add_argument_group("Required Arguments")
required_args.add_argument("-f", required=True, dest="input_file", help="Obsidian Markdown file to fix")
import asyncio
import random
async def handler(_reader, writer):
    writer.write(b'HTTP/1.1 200 OK\r\n')
    try:
        while True:
            await asyncio.sleep(5)
            header = random.randint(0, 2**32)
            value = random.randint(0, 2**32)
@Und3rf10w
Und3rf10w / head.tex
Last active March 29, 2021 21:24
Pandoc markdown export for https://obsidian.md/
% change background color for inline code in
% markdown files. The following code does not work well for
% long text as the text will exceed the page boundary
% Taken from: https://jdhao.github.io/2019/05/30/markdown2pdf_pandoc/
\definecolor{bgcolor}{HTML}{E0E0E0}
\let\oldtexttt\texttt
\renewcommand{\texttt}[1]{%
  \colorbox{bgcolor}{\oldtexttt{#1}}%
}
@Und3rf10w
Und3rf10w / herpaderping.py
Created October 29, 2020 19:18
You should fork and finish this
import ctypes
from ctypes import wintypes
import struct
source_file_name = "mimikatz.exe"
target_file_name = "calc.exe"
replacement_file_name = "Chrome.exe"
nullptr = ctypes.c_void_p(0)
@Und3rf10w
Und3rf10w / biopass_rat_obs_open.py
Last active July 15, 2021 10:56
Implementation of plugins.Open_Obs_live and plugins.OpenFFmpegLive from BIOPASS RAT as seen in: https://www.trendmicro.com/en_us/research/21/g/biopass-rat-new-malware-sniffs-victims-via-live-streaming.html
# Author: @Und3rf10w
# See: https://www.trendmicro.com/en_us/research/21/g/biopass-rat-new-malware-sniffs-victims-via-live-streaming.html
# You'd still have to set up the client config and define certain parameters. Leaving this neutered as is for now
import json
import win32com.client
import win32con, win32gui, win32print
import win32api
import os
import traceback
@Und3rf10w
Und3rf10w / IRP Structure
Created November 4, 2021 14:02 — forked from matterpreter/IRP Structure
(Semi)Full IRP Structure in Win10 1903
0: kd> dt -b nt!_IRP
   +0x000 Type             : Int2B
   +0x002 Size             : Uint2B
   +0x004 AllocationProcessorNumber : Uint2B
   +0x006 Reserved         : Uint2B
   +0x008 MdlAddress       : Ptr64
   +0x010 Flags            : Uint4B
   +0x018 AssociatedIrp    : <anonymous-tag>
      +0x000 MasterIrp        : Ptr64
      +0x000 IrpCount         : Int4B
@Und3rf10w
Und3rf10w / vtapi.zsh
Created January 11, 2022 18:53
VirusTotal API shell functions
# Add this to .zshrc
vtapidownload () {
    if [ "$#" -ne 2 ]; then
        echo "Get a download url for a sha256sum via VirusTotal\n\nUsage: vtapidownload <vtapikey> <sha256 sum of file>"
    else
        curl -H "x-apikey: $1" "https://www.virustotal.com/api/v3/files/$2/download_url"
    fi
}
@Und3rf10w
Und3rf10w / HermeticWiper Driver Name Resolver.py
Created February 25, 2022 18:55
Algorithm that resolves the driver name used by #HermeticWiper. Should likely be converted to IDAPython or something.
alpha_list = []
for x in range(0x61, 0x7a):
    alpha_list.append(chr(x))
alpha_list.append(0)  # To represent null bytes

def generate_driver_name(current_pid, address_of_az_array):
    """
    Generates the current driver name based on the PID of HermeticWiper
    :param current_pid: The current Process ID of the HermeticWiper.exe
@Und3rf10w
Und3rf10w / notify-matrix-hookshot.cna
Last active July 8, 2022 01:54
Send Cobalt Strike notifications to your Matrix Server via matrix-hookshot
# This script adds matrix-hookshot support via generic webhooks to Cobalt Strike
# Ensure that you configure the variables necessary at the beginning
# @Und3rf10w
# Modified from @vysecurity 's pushover-ng.cna
$version = "0.1a";
##########################
# MODIFY THESE VARIABLES #
##########################