Tylous / Ivy
Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy's loader does this by using programmatic access in the VBA object environment to load, decrypt and execute shellcode.
☆21 Updated last year
Alternatives and similar repositories for Ivy:
Users that are interested in Ivy are comparing it to the libraries listed below
- Rewrite to fit my needs ☆27 Updated 7 months ago
- Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL ☆21 Updated 2 years ago
- Simple .NET loader for loading and executing PowerShell payloads ☆16 Updated 3 years ago
- HelpSystems Nanodump, but wrapped in PowerShell via Invoke-ReflectivePEInjection ☆54 Updated 3 years ago
- Bunch of BOF files ☆29 Updated 2 months ago
- Click Once + App Domain ☆62 Updated last year
- Programmatically start WebClient from an unprivileged session to enable that juicy privesc. ☆74 Updated 2 years ago
- A PoC weaponising CustomXMLPart for hiding malware code inside of Office document structures. ☆36 Updated 2 years ago
- ☆47 Updated last year
- A care package of useful BOFs for red team engagements ☆54 Updated 2 months ago
- Items related to the RedELK workshop given at security conferences ☆28 Updated last year
- Bypassing AMSI using LdrLoadDll ☆37 Updated last month
- A simple PoC showcasing the ability of an admin to suspend EDR's protected processes, making it useless ☆38 Updated 7 months ago
- ☆58 Updated last year
- Python module for running BOFs ☆69 Updated last year
- Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain ☆33 Updated last year
- A small Aggressor script to help Red Teams identify foreign processes on a host machine ☆83 Updated 2 years ago
- SharpExShell automates the DCOM lateral movement technique which abuses the ActivateMicrosoftApp method of the Excel application. ☆68 Updated 10 months ago
- Socks4a proxy leveraging PIC, Websockets and static obfuscation on assembly level ☆25 Updated 2 years ago
- Proof of Concept code and samples presenting the emerging threat of MSI installer files. ☆78 Updated 2 years ago
- Excel Add In Payload Generator ☆10 Updated last year
- HTML smuggling is not an evil, it can be useful ☆13 Updated 2 years ago
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE. ☆42 Updated last year
- Tool to aid in dumping LSASS process remotely ☆38 Updated 7 months ago
- ☆36 Updated 2 years ago
- Run Cobalt Strike BOFs in Brute Ratel C4! ☆62 Updated last month
- These are the slide decks and source code for Brute Ratel Seminar conducted on 24th August 2023. The youtube video for the seminar can be… ☆19 Updated last year
- C# Based Universal API Unhooker - Automatically Unhook API Hives (ntdll.dll, kernel32.dll, user32.dll, and kernelbase.dll) ☆22 Updated last year
- Just another ntdll unhooking using Parun's Fart technique ☆73 Updated 2 years ago