qwqdanchun
/
BlackLotus
mirror of https://github.com/qwqdanchun/BlackLotus.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update README.md

This commit is contained in:
Yukari 2023-07-12 13:26:05 -04:00 committed by GitHub
parent 68f2fe8e1c
commit d45b651276
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 36 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
README.md
View File

@ -1,2 +1,37 @@
# BlackLotus
BlackLotus UEFI Windows Bootkit
BlackLotus is an innovative UEFI Bootkit designed specifically for Windows. It incorporates a built-in Secure Boot bypass and Ring0/Kernel protection to safeguard against any attempts at removal. This software serves the purpose of functioning as an HTTP Loader. Thanks to its robust persistence, there is no necessity for frequent updates of the Agent with new encryption methods. Once deployed, traditional antivirus software will be incapable of scanning and eliminating it. The software comprises two primary components: the Agent, which is installed on the targeted device, and the Web Interface, utilized by administrators to manage the bots. In this context, a bot refers to a device equipped with the installed Agent.
## General
- Written in C and x86asm
- Utilizes on Windows API, NTAPI, EFIAPI (NO 3rd party libraries used),
- NO CRT (C Runtime Library).
- Compiled binary including the user-mode loader is only 80kb in size
- Uses secure HTTPS C2 communication by using RSA and AES encryption
- Dynamic configuration
## Features
- HVCI bypass
- UAC bypass
- Secure Boot bypass
- BitLocker boot sequence bypass
- Windows Defender bypass (patch Windows Defender drivers in memory, and prevent Windows Defender usermode engine from scanning/uploading files)
- Dynamic hashed API calls (hell's gate)
- x86<=>x64 process injection
- API Hooking engine
- Anti-Hooking engine (for disabling, bypassing, and controlling EDRs)
- Modular plugin system
Setup by modifying the config.c file by including your C2s hostname or IP address.
After that compliation should be easy, just keep the included settings in the Visual Studio solution.
## References
* Welivesecurity: https://www.welivesecurity.com/2023/03/01/blacklotus-uefi-bootkit-myth-confirmed
* Binarly: https://www.binarly.io/posts/The_Untold_Story_of_the_BlackLotus_UEFI_Bootkit/index.html
* NSA Mitigation Guide: https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3435305/nsa-releases-guide-to-mitigate-blacklotus-threat
* TheHackerNews: https://thehackernews.com/2023/03/blacklotus-becomes-first-uefi-bootkit.html