optiv / Ivy
Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy’s loader does this by utilizing programmatical access in the VBA object environment to load, decrypt and execute shellcode.
☆743Updated last year
Alternatives and similar repositories for Ivy:
Users that are interested in Ivy are comparing it to the libraries listed below
- A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file form…☆896Updated 8 months ago
- Cobalt Strike C2 Reverse proxy that fends off Blue Teams, AVs, EDRs, scanners through packet inspection and malleable profile correlation☆951Updated 2 years ago
- SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.☆1,059Updated 10 months ago
- A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techni…☆1,179Updated last year
- A .NET Framework 4.0 Windows Agent☆463Updated this week
- My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+☆1,063Updated last year
- A .NET Runtime for Cobalt Strike's Beacon Object Files☆696Updated 5 months ago
- Malleable C2 Profiles. A collection of profiles used in different projects using Cobalt Strike & Empire.☆352Updated last year
- Porting of mimikatz sekurlsa::logonpasswords, sekurlsa::ekeys and lsadump::dcsync commands☆986Updated 3 years ago
- A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!☆1,280Updated last year
- Self-developed tools for Lateral Movement/Code Execution☆701Updated 3 years ago
- StandIn is a small .NET35/45 AD post-exploitation toolkit☆737Updated last year
- Framework for Kerberos relaying☆891Updated 2 years ago
- Cobalt Strike UDRL for memory scanner evasion.☆901Updated 8 months ago
- ☆921Updated last month
- C# Azure Function with an HTTP trigger that generates obfuscated PowerShell snippets that break or disable AMSI for the current process.☆389Updated 5 months ago
- Nim-based assembly packer and shellcode loader for opsec & profit☆460Updated last year
- Cobalt Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes payload. Built to evade EDR/UserLand hooks b…☆448Updated last year
- PIC lsass dumper using cloned handles☆580Updated 2 years ago
- Excel Macro Document Reader/Writer for Red Teamers & Analysts☆515Updated 3 years ago
- ☆506Updated 3 years ago
- FrostByte is a POC project that combines different defense evasion techniques to build better redteam payloads☆382Updated 2 years ago
- ☆759Updated 2 years ago
- Various ways to execute shellcode☆482Updated 11 months ago
- Fork of SafetyKatz that dynamically fetches the latest pre-compiled release of Mimikatz directly from gentilkiwi GitHub repo, runtime pat…☆850Updated 3 years ago
- Aims to identify sleeping beacons☆562Updated 2 months ago
- Some notes and examples for cobalt strike's functionality☆1,002Updated 3 years ago
- Another Windows Local Privilege Escalation from Service Account to System☆830Updated 2 years ago
- Cobalt Strike kit for Lateral Movement☆660Updated 4 years ago
- Proof-of-concept obfuscation toolkit for C# post-exploitation tools☆417Updated 2 years ago