Tylous / Ivy
Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy’s loader does this by utilizing programmatic access in the VBA object environment to load, decrypt and execute shellcode.
☆20 Updated last year
Related projects
Alternatives and complementary repositories for Ivy
- Click Once + App Domain ☆62 Updated 11 months ago
- HelpSystems Nanodump, but wrapped in powershell via Invoke-ReflectivePEInjection ☆53 Updated 2 years ago
- HTML smuggling is not an evil, it can be useful ☆13 Updated last year
- DirSync is a simple proof of concept PowerShell module to demonstrate the impact of delegating DS-Replication-Get-Changes and DS-Replicat… ☆27 Updated last year
- Creation and removal of Defender path exclusions and exceptions in C#. ☆30 Updated last year
- Rewrite to fit my needs ☆25 Updated 4 months ago
- A PoC weaponising CustomXMLPart for hiding malware code inside of Office document structures. ☆37 Updated 2 years ago
- C# Based Universal API Unhooker - Automatically Unhook API Hives (ntdll.dll, kernel32.dll, user32.dll, and kernelbase.dll) ☆21 Updated last year
- ☆58 Updated 11 months ago
- ☆35 Updated 2 years ago
- Proof of Concept code and samples presenting emerging threat of MSI installer files. ☆77 Updated last year
- Small project to facilitate creation of .lnk payloads ☆62 Updated 2 years ago
- A care package of useful bofs for red team engagements ☆48 Updated 2 years ago
- Scripts for public use that we've randomly written, or have updated from other people's work. ☆38 Updated 4 months ago
- a simple poc showcasing the ability of an admin to suspend EDR's protected processes, making it useless ☆39 Updated 4 months ago
- Simple .NET loader for loading and executing Powershell payloads ☆14 Updated 3 years ago
- Bypassing Amsi using LdrLoadDll ☆24 Updated last month
- Bunch of BOF files ☆24 Updated 9 months ago
- Programmatically start WebClient from an unprivileged session to enable that juicy privesc. ☆65 Updated last year
- Python module for running BOFs ☆64 Updated last year
- Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain ☆33 Updated last year
- ☆59 Updated 3 months ago
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE. ☆37 Updated 10 months ago
- PowerShell script to terminate protected processes such as anti-malware and EDRs. ☆27 Updated last year
- Lateral Movement via the .NET Profiler ☆76 Updated 5 months ago
- SharpElevator is a C# implementation of Elevator for UAC bypass. This UAC bypass was originally discovered by James Forshaw and publishe… ☆49 Updated 2 years ago
- ☆28 Updated 5 months ago
- Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL ☆19 Updated 2 years ago
- ☆24 Updated 2 years ago
- Cobalt Strike BOF for quser.exe implementation using Windows API ☆83 Updated last year