Tylous / Ivy
Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy’s loader does this by utilizing programmatic access in the VBA object environment to load, decrypt and execute shellcode.
☆20 Updated last year
Alternatives and similar repositories for Ivy:
Users that are interested in Ivy are comparing it to the libraries listed below
- Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL ☆21 Updated 2 years ago
- HelpSystems Nanodump, but wrapped in powershell via Invoke-ReflectivePEInjection ☆55 Updated 3 years ago
- Create PDFs with HTML smuggling attachments that save on opening the document. ☆29 Updated last year
- A C# program featuring an all-in-one bypass for CLM, AppLocker and AMSI using Runspace. ☆18 Updated 2 years ago
- A small Aggressor script to help Red Teams identify foreign processes on a host machine ☆84 Updated 2 years ago
- HTML smuggling is not an evil, it can be useful ☆13 Updated 2 years ago
- A care package of useful bofs for red team engagements ☆54 Updated 3 months ago
- Items related to the RedELK workshop given at security conferences ☆28 Updated last year
- Proof of Concept code and samples presenting emerging threat of MSI installer files. ☆79 Updated 2 years ago
- Excel Add In Payload Generator ☆10 Updated last year
- Rewrite to fit my needs ☆27 Updated 8 months ago
- Socks4a proxy leveraging PIC, Websockets and static obfuscation on assembly level ☆25 Updated 2 years ago
- SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Dire… ☆33 Updated 10 months ago
- Programmatically start WebClient from an unprivileged session to enable that juicy privesc. ☆74 Updated 2 years ago
- Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain ☆33 Updated last year
- This repository focuses on replicating the behavioral patterns observed in well-documented APT campaigns. ☆11 Updated this week
- Click Once + App Domain ☆61 Updated last year
- a simple poc showcasing the ability of an admin to suspend EDR's protected processes, making it useless ☆38 Updated 8 months ago
- A tool for interacting with the Anti-Malware Scan Interface API for pen testing purposes. ☆62 Updated last year
- Python module for running BOFs ☆69 Updated last year
- ☆48 Updated last year
- WhoAmI by asking the LDAP service on a domain controller. ☆61 Updated 3 years ago
- Simple .NET loader for loading and executing Powershell payloads ☆16 Updated 3 years ago
- a variety of tools, scripts and techniques developed and shared with different programming languages by 0xsp Lab ☆62 Updated 3 months ago
- ☆47 Updated 2 years ago
- Tool to aid in dumping LSASS process remotely ☆38 Updated 8 months ago
- AMSI Bypass for powershell ☆30 Updated 2 years ago
- LSTAR - CobaltStrike Translated to EN ☆13 Updated last year
- ☆59 Updated last year
- SharpExShell automates the DCOM lateral movement technique which abuses ActivateMicrosoftApp method of Excel application. ☆69 Updated 11 months ago