Update README.md
This commit is contained in:
parent
7c8ccc0f01
commit
a7d0f8ba7e
|
@ -1,6 +1,8 @@
|
|||
# BlackLotus
|
||||
BlackLotus is an innovative UEFI Bootkit designed specifically for Windows. It incorporates a built-in Secure Boot bypass and Ring0/Kernel protection to safeguard against any attempts at removal. This software serves the purpose of functioning as an HTTP Loader. Thanks to its robust persistence, there is no necessity for frequent updates of the Agent with new encryption methods. Once deployed, traditional antivirus software will be incapable of scanning and eliminating it. The software comprises two primary components: the Agent, which is installed on the targeted device, and the Web Interface, utilized by administrators to manage the bots. In this context, a bot refers to a device equipped with the installed Agent.
|
||||
|
||||
|
||||
**FYI**: This version of BlackLotus (v2) has removed baton drop, and replaced the original version SHIM loaders with bootlicker. UEFI loading, infection and post-exploitation persistence are all the same.
|
||||
|
||||
## General
|
||||
- Written in C and x86asm
|
||||
- Utilizes on Windows API, NTAPI, EFIAPI (NO 3rd party libraries used),
|
||||
|
@ -40,3 +42,5 @@ After that compliation should be easy, just keep the included settings in the Vi
|
|||
* NSA Mitigation Guide: https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3435305/nsa-releases-guide-to-mitigate-blacklotus-threat
|
||||
|
||||
* TheHackerNews: https://thehackernews.com/2023/03/blacklotus-becomes-first-uefi-bootkit.html
|
||||
|
||||
* Bootlicker: https://github.com/realoriginal/bootlicker
|
||||
|
|
Loading…
Reference in New Issue