Top Rating
- Top Contributors
  Discover the Top Open Source contributors by country or by language
- Interviews
  Discover real stories from Open Source developers
Discover

Discover your Favorite Language
Discover the top trending repositories and projects on Github. Explore the latest trends in your preferred languages.

C#

Erlang

PowerShell

Crystal

Dart

Groovy

Julia

C

More Languages
Awesome

Awesome repositories
Discover the most awesome repositories and projects of your favorite languages. Inspired by the Awesome-* lists trend in GitHub.

Dart

Rust

Swift

R

Racket

PowerShell

TypeScript

Elixir

More Languages
By Country

Rankings by Country
Discover the community of talented open source contributors in each country.

🇱🇧 Lebanon

🇳🇬 Nigeria

🇩🇿 Algeria

🇲🇽 Mexico

🇵🇳 Pitcairn Islands

🇭🇺 Hungary

🇸🇾 Syria

🇲🇾 Malaysia

All Countries Compare Countries

IOActive/Platbox

Stars
161
Rank 233,432 (Top 5 %)
Language
Python
License
MIT License
Created about 2 years ago
Updated 6 months ago

IOActive/Platbox

IOActive

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

UEFI and SMM Assessment Tool

Platbox

UEFI and SMM Assessment Tool

Features

Platbox is a tool that helps assessing the security of the platform:

Dumps the platform registers that are interesting security-wise
- Flash Locks
- MMIO and Remapping Locks
- SMM Base and Locks
- MSRs
RW access to the PCI configuration space of devices.
RW to physical memory and virtual memory.
Allows allocating physical memory and map memory to usermode.
Read and Write MSRs.
Dump SPI Flash content (BIOS) into a file.
Basic dumb SMI Fuzzer.
Dump S3 Bootscript (from SMM-Lockbox) into a file.
Dump EFI Memory Map (Linux only for now).
List UEFI variables.
Supports Linux and Windows.
Supports Intel and AMD.

Example of 'chipset' command output for an AMD platform

Project Structure

The project is divided as follows:

PlatboxDrv: kernel drivers used for Linux and Windows.
PlatboxLib: the usermode component that loads the kernel driver and provides access to all the previously listed features.
PlatboxCli: a console client that uses the library.
Pocs: an example of a program using features from the libary.

Compilation Steps

Windows

mkdir build
cd build
cmake -G "Visual Studio 17 2022" -A x64 -S .. -B "build64"
cmake --build build64/ --target platbox_cli

Release Build

cmake -G "Visual Studio 17 2022" -A x64 -S .. -B "build64" 
cmake --build build64/ --target platbox_cli --config Release

jdwp-shellifier

XDiFF

Extended Differential Fuzzing Framework

RepoSsessed

A project designed to parse public source code repositories and find various types of vulnerabilities.

laf

This project intends to provide a series of tools to craft, parse, send, analyze and crack a set of LoRaWAN packets in order to audit or pentest the security of a LoraWAN infrastructure.

I-know-where-your-page-lives

I Know Where Your Page Lives: Derandomizing the latest Windows 10 Kernel - ZeroNights 2016

Melkor_ELF_Fuzzer

Melkor is a very intuitive and easy-to-use ELF file format fuzzer to find functional and security bugs in ELF parsers.

FuzzNDIS

A Fuzzer for Windows NDIS Drivers OID Handlers

kmdf_re

Helper idapython code for reversing kmdf drivers

BlueCrawl

Frida (Android) Script for extracting bluetooth information

FileFormatFuzzing

AOSP-DownloadProviderDbDumperSQLiWhere

PoC Exploiting SQL Injection in Android's Download Provider in Selection Parameter (CVE-2019-2198)

AOSP-ExploitUserDictionary

PoC Exploit for AOSP UserDictionary Content Provider (CVE-2018-9375)

SearchAndCollect

search and collect windows files from multiple locations on machine and store in one centralized directory

AOSP-DownloadProviderHijacker

PoC Exploiting Permission Bypass in Android's Download Provider (CVE-2018-9468)

AutoGadgetFS

USB testing framework

BurpJDSer-ng

Allows you to deserialize java objects to XML and lets you dynamically load classes/jars as needed

uefi_research

A repository with UEFI research stuff

Embedded-Defense

Sample embedded defense code for applications written in .NET, Java, PHP and Python.

PinguCrew

Paddo

Framework for auditing and conducting "padding oracle" attacks

AOSP-DownloadProviderDbDumper

PoC Exploiting SQL Injection in Android's Download Provider (CVE-2018-9493)

BlackHat_2017

Materials for "Go Nuclear: Breaking Radiation Monitoring Devices"

AOSP-DownloadProviderHeadersDumper

PoC Exploiting Headers Disclosure in Android's Download Provider (CVE-2018-9546)

NexusTacos

A vulnerability in the SNMP module of NX-OS could allow an unauthenticated, remote attacker to disclose potentially sensitive information.

FileSquattingExample

FileSquatting Exploitation by Example

HL7-Fuzzer

An HL7 message fuzzer ( client and server )

rubenBlackHat2018

Last Call For Satcom Security Materials

AOSP-DownloadProviderDbDumperSQLiLimit

PoC Exploiting SQL Injection in Android's Download Provider in Sort Parameter (CVE-2019-2196)