Tylous / Ivy
Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy’s loader does this by using programmatic access to the VBA object environment to load, decrypt and execute shellcode.
☆21, updated last year
Alternatives and similar repositories for Ivy:
Users that are interested in Ivy are comparing it to the libraries listed below
- Rewrite to fit my needs (☆27, updated 6 months ago)
- Bypassing Amsi using LdrLoadDll (☆32, updated 3 weeks ago)
- Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL (☆20, updated 2 years ago)
- Click Once + App Domain (☆63, updated last year)
- SharpExShell automates the DCOM lateral movement technique which abuses ActivateMicrosoftApp method of Excel application. (☆68, updated 8 months ago)
- HelpSystems Nanodump, but wrapped in powershell via Invoke-ReflectivePEInjection (☆53, updated 2 years ago)
- Programmatically start WebClient from an unprivileged session to enable that juicy privesc. (☆71, updated last year)
- Python module for running BOFs (☆64, updated last year)
- Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain (☆33, updated last year)
- Excel Add In Payload Generator (☆10, updated last year)
- C# Based Universal API Unhooker - Automatically Unhook API Hives (ntdll.dll, kernel32.dll, user32.dll, and kernelbase.dll) (☆22, updated last year)
- Create PDFs with HTML smuggling attachments that save on opening the document. (☆29, updated last year)
- Socks4a proxy leveraging PIC, Websockets and static obfuscation on assembly level (☆25, updated 2 years ago)
- A VSCode devcontainer for development of COFF files with batteries included. (☆47, updated last year)
- Items related to the RedELK workshop given at security conferences (☆27, updated last year)
- Creation and removal of Defender path exclusions and exceptions in C#. (☆30, updated last year)
- Simple .NET loader for loading and executing Powershell payloads (☆15, updated 3 years ago)
- A care package of useful bofs for red team engagements (☆54, updated last month)
- Determine if the WebClient Service (WebDAV) is running on a remote system (☆17, updated 10 months ago)
- A small Aggressor script to help Red Teams identify foreign processes on a host machine (☆83, updated 2 years ago)
- HTML smuggling is not an evil, it can be useful (☆13, updated 2 years ago)
- Bunch of BOF files (☆27, updated last month)
- A third-party Gopher Assassin for the Havoc Framework. (☆45, updated last year)
- A simple PoC showcasing the ability of an admin to suspend EDR's protected processes, making it useless (☆39, updated 6 months ago)
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE. (☆38, updated last year)
- Proof of Concept code and samples presenting emerging threat of MSI installer files. (☆78, updated 2 years ago)