Persist data in UEFI NVRAM variables.
- Stealthy way to store secrets and other data in UEFI.
- Will survive a reimaging of the operating system.
Jackson T. jthuraisamy
jthuraisamy
/ _README.md
Last active
August 17, 2023 13:09
GospelRoom: Data Storage in UEFI NVRAM Variables
jthuraisamy
/ loaded_psp_drivers.cpp
Last active
October 15, 2023 03:01
Loaded Security Product Drivers
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <ImageHlp.h> | |
| #include <strsafe.h> | |
| #include "loaded_psp_drivers.h" | |
| #include <set> | |
| #include <string> | |
| #include <algorithm> | |
| #pragma comment(lib, "crypt32.lib") |
jthuraisamy
/ highlight_calls.py
Created
April 4, 2018 01:39
IDAPython Script to highlight function calls.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| IDAPython Script to highlight function calls. | |
| Re-implemented by jthuraisamy (not the original author). | |
| Install to %IDADIR%\plugins\highlight_calls.py. | |
| Run by pressing Ctrl+Alt+H or go to Options -> Highlight Call Instructions. | |
| """ | |
| class HighlightHandler(idaapi.action_handler_t): |
OlderNewer