From 7cbcb593a016f501d1437ab853aee7bb56ec84d5 Mon Sep 17 00:00:00 2001
From: whx
Date: Sat, 18 Sep 2021 01:40:51 +0200
Subject: [PATCH] firmware
---
 misc/threat_intelligence/loki.md | 1 +
 misc/threat_intelligence/yara.md | 1 +
 persistence/wmi.md | 3 +++
 reverse_engineering/docs/firmware.md | 11 +++++++++++
 4 files changed, 16 insertions(+)
 create mode 100644 misc/threat_intelligence/loki.md
 create mode 100644 misc/threat_intelligence/yara.md
 create mode 100644 persistence/wmi.md
 create mode 100644 reverse_engineering/docs/firmware.md
diff --git a/misc/threat_intelligence/loki.md b/misc/threat_intelligence/loki.md
new file mode 100644
index 0000000..702c5b7
--- /dev/null
+++ b/misc/threat_intelligence/loki.md
@@ -0,0 +1 @@
+# Loki
diff --git a/misc/threat_intelligence/yara.md b/misc/threat_intelligence/yara.md
new file mode 100644
index 0000000..7188fa8
--- /dev/null
+++ b/misc/threat_intelligence/yara.md
@@ -0,0 +1 @@
+# Yara
diff --git a/persistence/wmi.md b/persistence/wmi.md
new file mode 100644
index 0000000..6d09ef1
--- /dev/null
+++ b/persistence/wmi.md
@@ -0,0 +1,3 @@
+# WMI Backdoor
+
+* [BlackHat 2015, Backdoor](https://github.com/mattifestation/WMI_Backdoor.git)
diff --git a/reverse_engineering/docs/firmware.md b/reverse_engineering/docs/firmware.md
new file mode 100644
index 0000000..fc7f12c
--- /dev/null
+++ b/reverse_engineering/docs/firmware.md
@@ -0,0 +1,11 @@
+# Reversing Firmware
+
+## Tools
+* binwalk
+* unlzma
+* tar
+* [fat](https://github.com/attify/firmware-analysis-toolkit.git)
+ * Create usable environment and start firmware inside it
+ ```sh
+ ./fat.py
+ ```