Stop! This text is only interesting for you if you...
- Like popping alerts in weird situations
- Miss CSS expressions as much as we do
- Have an unhealthy obsession for markup porn
Private Declare PtrSafe Function isDbgPresent Lib "kernel32" Alias "IsDebuggerPresent" () As Boolean
Public Function IsFileNameNotAsHexes() As Boolean
    Dim str As String
    Dim hexes As Variant
    Dim only_hexes As Boolean
    only_hexes = True
    hexes = Array("0", "1", "2", "3", "4", "5", "6", "7", _
                  "8", "9", "a", "b", "c", "d", "e", "f")
'
' SYNOPSIS:
' This macro implements two Windows persistence methods:
' - WMI Event Filter object creation
' - simple HKCU Registry Run value insertion. It has to be HKCU to make it work under Win10 x64
'
' WMI Persistence method as originally presented by SEADADDY malware
' (https://github.com/pan-unit42/iocs/blob/master/seaduke/decompiled.py#L887)
' and further documented by Matt Graeber.
'
Assumes we're using Linux/Kali
Bash Bunny is an awesome little device by Hak5 and I wrote down a few notes to quickly get started.
- Plug in in arming mode (closest to computer)
- Download firmware from: https://wiki.bashbunny.com/#!downloads.md
- Check checksum
- Follow the instructions for placing it into the root of the Bash Bunny drive/folder, then eject and plug back in