@Und3rf10w
Und3rf10w / shitty_overlay.py
Created December 17, 2023 06:07
Shitty tkinter overlay that displays over all other apps that aren't fullscreen. Importable.
import tkinter as tk
from queue import Queue, Empty
import logging
import threading
import sys


# Configure stream redirection as a context manager
class StdoutRedirector:
    def __init__(self, write_func):
        self.write_func = write_func
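The preview above stops right after the redirector's constructor. The block below is an added example, not the gist's own code: a stdout redirector that hands complete lines from any thread to a queue, installed by a context manager that always restores sys.stdout, plus the non-blocking drain a tkinter root.after() callback would run (the overlay widget itself is assumed and not shown, so the example runs headless). Partial lines are buffered per thread because print() writes the text and the newline as two separate calls.

```python
import sys
import threading
from queue import Queue, Empty


class QueueStdout:
    """File-like replacement for sys.stdout: complete lines go onto a queue so
    the GUI thread can pull them with root.after() instead of worker threads
    touching widgets directly (tkinter is not thread-safe)."""

    def __init__(self, q):
        self._q = q
        self._bufs = {}  # per-thread partial lines; print() writes text and "\n" separately
        self._lock = threading.Lock()

    def write(self, s):
        tid = threading.get_ident()
        with self._lock:
            buf = self._bufs.get(tid, "") + s
            while "\n" in buf:  # emit only complete lines
                line, buf = buf.split("\n", 1)
                self._q.put(line)
            self._bufs[tid] = buf
        return len(s)

    def flush(self):
        with self._lock:
            for buf in self._bufs.values():
                if buf:  # push any trailing partial line
                    self._q.put(buf)
            self._bufs.clear()


class redirect_stdout_to_queue:
    """Context manager that installs QueueStdout and always restores the
    original sys.stdout, even when the body raises."""

    def __init__(self, q):
        self._q = q
        self._saved = None

    def __enter__(self):
        self._saved = sys.stdout
        sys.stdout = QueueStdout(self._q)
        return self._q

    def __exit__(self, exc_type, exc, tb):
        sys.stdout.flush()
        sys.stdout = self._saved
        return False  # never swallow exceptions from the body


def drain(q, max_items=100):
    """Non-blocking drain, the body of a root.after(100, ...) callback (assumed
    consumer): take up to max_items lines without blocking the event loop."""
    lines = []
    try:
        while len(lines) < max_items:
            lines.append(q.get_nowait())
    except Empty:
        pass
    return lines


def capture(fn, *args):
    """Run fn under the redirect; return (captured lines, exception or None).
    sys.stdout is restored either way."""
    q = Queue()
    err = None
    try:
        with redirect_stdout_to_queue(q):
            fn(*args)
    except Exception as exc:  # noqa: BLE001 - demo: report, do not hide
        err = exc
    return drain(q), err


def run_workers(n=4):
    """Print from n worker threads inside the redirect and return the captured
    lines sorted (queue order is nondeterministic across threads)."""
    q = Queue()
    original = sys.stdout
    with redirect_stdout_to_queue(q):
        threads = [threading.Thread(target=print, args=(f"worker {i} done",))
                   for i in range(n)]
        for t in threads:
            t.start()
        for t in threads:
            t.join()
        print("partial", end="")  # no newline: delivered by flush() on exit
    if sys.stdout is not original:
        raise RuntimeError("stdout was not restored")
    return sorted(drain(q))


if __name__ == "__main__":
    for line in run_workers():
        print(line)
```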
@Und3rf10w
Und3rf10w / cuda_flowcontrol_xor_shellcode.c
Created December 15, 2023 13:35
Offloading tasks to CUDA
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <windows.h>
// CUDA runtime
#include <cuda_runtime.h>
__global__ void xorObfuscatePayload(char* data, int len, char key) {
    int idx = blockIdx.x * blockDim.x + threadIdx.x;
@Und3rf10w
Und3rf10w / Headscale setup.md
Last active April 21, 2024 06:17
How to set up headscale with SWAG in docker-compose

Overview

This document describes the process of setting up headscale with SWAG, using Let's Encrypt certs.

This assumes you have a subdomain (e.g. wg.example.com) pointing to your SWAG instance and want to use it as a reverse proxy.

Swag .env

Add the subdomain for your desired headscale domain to your .env file.

For example: SWAG_EXTRA_DOMAINS=wg.example.com

@Und3rf10w
Und3rf10w / DynamicStructResolution.go
Last active September 30, 2022 05:09
I have no idea how this works, but it does?
package main

import (
	"fmt"
)

type methodArgumentsInterface interface {
	determineStruct() interface{}
}
@Und3rf10w
Und3rf10w / extract_msft_graph_content_bytes_from_odata_response.sh
Created August 31, 2022 13:39
Extracts the contentBytes from a Microsoft Graph (o365) response and writes them to raw files using jq
# jq -r strips the quotes and "// empty" skips entries without contentBytes; outputs are numbered so similar payloads cannot overwrite each other
i=0
jq -r '.value[].contentBytes // empty' response.json | while IFS= read -r line; do
  printf '%s' "$line" | base64 -d > "attachment_${i}.file"
  i=$((i + 1))
done
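The one-liner above trusts the response completely. As an added example (not the gist's code), the following does the same job with the checks a practitioner wants when the input is mail from strangers: only entries of @odata.type "#microsoft.graph.fileAttachment" carry contentBytes (itemAttachment and referenceAttachment do not), the base64 is validated, and the sender-controlled attachment name is reduced to a safe basename and index-prefixed before it is ever used as a path. The sample response is constructed inline for illustration.

```python
import base64
import binascii
import hashlib
import json
import os
import re
from pathlib import Path

FILE_ATTACHMENT = "#microsoft.graph.fileAttachment"
_UNSAFE = re.compile(r"[^A-Za-z0-9._-]")

# Constructed sample of a Graph attachments collection: a normal file, a file
# whose name attempts path traversal, an itemAttachment (no contentBytes) and a
# fileAttachment with corrupt base64.
SAMPLE_RESPONSE = json.dumps({
    "value": [
        {"@odata.type": FILE_ATTACHMENT, "name": "invoice.pdf",
         "contentType": "application/pdf",
         "contentBytes": base64.b64encode(b"%PDF-1.4 fake").decode()},
        {"@odata.type": FILE_ATTACHMENT, "name": "../../etc/cron.d/evil",
         "contentType": "application/octet-stream",
         "contentBytes": base64.b64encode(b"* * * * * root /tmp/x\n").decode()},
        {"@odata.type": "#microsoft.graph.itemAttachment", "name": "fwd message"},
        {"@odata.type": FILE_ATTACHMENT, "name": "broken.bin",
         "contentBytes": "!!!not-base64!!!"},
    ]
})


def safe_name(index, name):
    """Sender-controlled names must never become path components: keep only the
    basename (either separator), drop unsafe characters and leading dots, and
    prefix an index so duplicate names cannot overwrite each other."""
    base = os.path.basename(name.replace("\\", "/")) or "unnamed"
    base = _UNSAFE.sub("_", base).lstrip(".") or "unnamed"
    return f"{index:03d}_{base[:120]}"


def extract_attachments(response_json):
    """Return ([(safe_filename, sha256hex, raw_bytes), ...], [(index, reason), ...]).
    Entries that are not fileAttachments, lack contentBytes or carry invalid
    base64 are skipped and reported rather than written as garbage."""
    doc = json.loads(response_json)
    results, skipped = [], []
    for i, att in enumerate(doc.get("value", [])):
        if att.get("@odata.type") != FILE_ATTACHMENT or "contentBytes" not in att:
            skipped.append((i, "no contentBytes"))
            continue
        try:
            raw = base64.b64decode(att["contentBytes"], validate=True)
        except (binascii.Error, ValueError) as exc:
            skipped.append((i, f"bad base64: {exc}"))
            continue
        results.append((safe_name(i, att.get("name", "")),
                        hashlib.sha256(raw).hexdigest(), raw))
    return results, skipped


def write_attachments(response_json, out_dir):
    """Write every decodable attachment under out_dir and return the paths."""
    out = Path(out_dir)
    out.mkdir(parents=True, exist_ok=True)
    written = []
    for fname, _digest, raw in extract_attachments(response_json)[0]:
        target = out / fname
        # Belt and braces: the resolved path must still sit inside out_dir.
        if out.resolve() not in target.resolve().parents:
            raise ValueError(f"refusing to write outside {out}: {target}")
        target.write_bytes(raw)
        written.append(str(target))
    return written


if __name__ == "__main__":
    files, skipped = extract_attachments(SAMPLE_RESPONSE)
    for fname, digest, raw in files:
        print(f"{fname}  {len(raw)} bytes  sha256={digest}")
    for i, why in skipped:
        print(f"skipped value[{i}]: {why}")
```

Hash every decoded blob before anything else touches it; the sha256 is what you pivot on in VirusTotal or your own sandbox, and it lets you drop duplicates across mailboxes without re-downloading.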
@Und3rf10w
Und3rf10w / notify-matrix-hookshot.cna
Last active July 8, 2022 01:54
Send Cobalt Strike notifications to your Matrix Server via matrix-hookshot
# This script adds matrix-hookshot support via generic webhooks to Cobalt Strike
# Ensure that you configure the variables necessary at the beginning
# @Und3rf10w
# Modified from @vysecurity's pushover-ng.cna
$version = "0.1a";
##########################
# MODIFY THESE VARIABLES #
##########################
@Und3rf10w
Und3rf10w / HermeticWiper Driver Name Resolver.py
Created February 25, 2022 18:55
Algo that resolves the driver name used by #HermeticWiper. Should likely be converted to idapython or something.
alpha_list = []
for x in range(0x61, 0x7a):
    alpha_list.append(chr(x))
alpha_list.append(0)  # To represent Null Bytes


def generate_driver_name(current_pid, address_of_az_array):
    """
    Generates the current driver name based off of the PID of hermeticWiper
    :param current_pid: The current Process ID of the HermeticWiper.exe
@Und3rf10w
Und3rf10w / vtapi.zsh
Created January 11, 2022 18:53
VirusTotal API shell functions
# Add this to .zshrc
# Note: /files/{id}/download_url needs a premium (VT Enterprise) API key, and
# passing the key as an argument leaves it in shell history and in `ps` output.
vtapidownload () {
    if [ "$#" -ne 2 ]; then
        echo "Get a download url for a sha256sum via VirusTotal\n\nUsage: vtapidownload <vtapikey> <sha256 sum of file>"
    else
        curl -H "x-apikey: $1" "https://www.virustotal.com/api/v3/files/$2/download_url"
    fi
}
@Und3rf10w
Und3rf10w / IRP Structure
Created November 4, 2021 14:02 — forked from matterpreter/IRP Structure
(Semi)Full IRP Structure in Win10 1903
0: kd> dt -b nt!_IRP
   +0x000 Type                      : Int2B
   +0x002 Size                      : Uint2B
   +0x004 AllocationProcessorNumber : Uint2B
   +0x006 Reserved                  : Uint2B
   +0x008 MdlAddress                : Ptr64
   +0x010 Flags                     : Uint4B
   +0x018 AssociatedIrp             : <anonymous-tag>
      +0x000 MasterIrp                 : Ptr64
      +0x000 IrpCount                  : Int4B
@Und3rf10w
Und3rf10w / biopass_rat_obs_open.py
Last active July 15, 2021 10:56
Implementation of plugins.Open_Obs_live and plugins.OpenFFmpegLive from BIOPASS RAT as seen in: https://www.trendmicro.com/en_us/research/21/g/biopass-rat-new-malware-sniffs-victims-via-live-streaming.html
# Author: @Und3rf10w
# See: https://www.trendmicro.com/en_us/research/21/g/biopass-rat-new-malware-sniffs-victims-via-live-streaming.html
# You'd still have to set up the client config and define certain parameters. Leaving this neutered as is for now
import json
import win32com.client
import win32con, win32gui, win32print
import win32api
import os
import traceback