Tylous / Ivy
Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy’s loader does this by utilizing programmatic access in the VBA object environment to load, decrypt and execute shellcode.
☆17 · Updated last year
Related projects:
- A PoC weaponising CustomXMLPart for hiding malware code inside of Office document structures. ☆37 · Updated 2 years ago
- C# Based Universal API Unhooker - Automatically Unhook API Hives (ntdll.dll, kernel32.dll, user32.dll, and kernelbase.dll) ☆21 · Updated last year
- Rewrite to fit my needs ☆25 · Updated 2 months ago
- Python module for running BOFs ☆63 · Updated last year
- Proof of Concept code and samples presenting emerging threat of MSI installer files. ☆77 · Updated last year
- Socks4a proxy leveraging PIC, Websockets and static obfuscation on assembly level ☆25 · Updated 2 years ago
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE. ☆32 · Updated 8 months ago
- HelpSystems Nanodump, but wrapped in PowerShell via Invoke-ReflectivePEInjection ☆53 · Updated 2 years ago
- These are the slide decks and source code for Brute Ratel Seminar conducted on 24th August 2023. The youtube video for the seminar can be… ☆18 · Updated last year
- Extension functionality for the NightHawk operator client ☆26 · Updated 10 months ago
- A simple PoC showcasing the ability of an admin to suspend EDR's protected processes, making it useless ☆39 · Updated 2 months ago
- Small project to facilitate creation of .lnk payloads ☆60 · Updated last year
- Programmatically start WebClient from an unprivileged session to enable that juicy privesc. ☆60 · Updated last year
- Click Once + App Domain ☆61 · Updated 9 months ago
- A care package of useful BOFs for red team engagements ☆47 · Updated last year
- DirSync is a simple proof of concept PowerShell module to demonstrate the impact of delegating DS-Replication-Get-Changes and DS-Replicat… ☆24 · Updated last year
- A small Aggressor script to help Red Teams identify foreign processes on a host machine ☆79 · Updated last year
- Some of the presentations, workshops, and labs I gave at public conferences. ☆21 · Updated last week
- Tool for playing with Windows Access Token manipulation. ☆50 · Updated last year
- This code example allows you to create a malware.exe sample that can be run in the context of a system service, and could be used for loc… ☆50 · Updated last year
- Simple PoC Python agent to showcase Havoc C2's custom agent interface. Not operationally safe or stable. Released with accompanying blog … ☆74 · Updated 10 months ago
- RDLL for Cobalt Strike beacon to silence sysmon process ☆85 · Updated 2 years ago
- Identifies the bytes that Microsoft Defender / AMSI Consumer flags on. ☆11 · Updated 4 months ago
- Lateral Movement via the .NET Profiler ☆74 · Updated 3 months ago
- A pure C version of SymProcAddress ☆23 · Updated 6 months ago