| Private Declare PtrSafe Function isDbgPresent Lib "kernel32" Alias "IsDebuggerPresent" () As Boolean | |
| Public Function IsFileNameNotAsHexes() As Boolean | |
| Dim str As String | |
| Dim hexes As Variant | |
| Dim only_hexes As Boolean | |
| only_hexes = True | |
| hexes = Array("0", "1", "2", "3", "4", "5", "6", "7", _ | |
| "8", "9", "a", "b", "c", "d", "e", "f") |
| ' | |
| ' SYNOPSIS: | |
| ' This macro implements two windows persistence methods: | |
| ' - WMI Event Filter object creation | |
| ' - simple HKCU Registry Run value insertion. It has to be HKCU to make it work under Win10 x64 | |
| ' | |
| ' WMI Persistence method as originally presented by SEADADDY malware | |
| ' (https://github.com/pan-unit42/iocs/blob/master/seaduke/decompiled.py#L887) | |
| ' and further documented by Matt Graeber. | |
| ' |
Documentation for PIV: https://github.com/Yubico/yubikey-piv-manager/tree/master/doc
To manage the certificates: https://www.yubico.com/support/knowledge-base/categories/articles/unpair-yubikey-piv-login-macos-sierra/
Personnalization tool : https://itunes.apple.com/us/app/yubikey-personalization-tool/id638161122
Assumes were using Linux/Kali
Bash Bunny is an awesome little device by Hak5 and I wrote down a few notes to quickly get started.
Plug in arming mode (closest to computer) Download firmware from: https://wiki.bashbunny.com/#!downloads.md Check checksum Follow instructions of placing into root of bashbunny drive/folder and eject/plug back in