optiv / Ivy
Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy’s loader does this by utilizing programmatical access in the VBA object environment to load, decrypt and execute shellcode.
☆744Updated last year
Alternatives and similar repositories for Ivy:
Users that are interested in Ivy are comparing it to the libraries listed below
- Cobalt Strike C2 Reverse proxy that fends off Blue Teams, AVs, EDRs, scanners through packet inspection and malleable profile correlation☆938Updated 2 years ago
- SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.☆1,055Updated 9 months ago
- A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file form…☆890Updated 7 months ago
- Fork of SafetyKatz that dynamically fetches the latest pre-compiled release of Mimikatz directly from gentilkiwi GitHub repo, runtime pat…☆847Updated 3 years ago
- A .NET Runtime for Cobalt Strike's Beacon Object Files☆687Updated 4 months ago
- Framework for Kerberos relaying☆888Updated 2 years ago
- A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techni…☆1,171Updated last year
- Self-developed tools for Lateral Movement/Code Execution☆695Updated 3 years ago
- C# Azure Function with an HTTP trigger that generates obfuscated PowerShell snippets that break or disable AMSI for the current process.☆386Updated 4 months ago
- My collection of battle-tested Aggressor Scripts for Cobalt Strike 4.0+☆1,055Updated last year
- A .NET Framework 4.0 Windows Agent☆460Updated last week
- ☆906Updated last week
- Checks running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common install directories,…☆690Updated last year
- StandIn is a small .NET35/45 AD post-exploitation toolkit☆726Updated last year
- Get file less command execution for lateral movement.☆606Updated 2 years ago
- A method of bypassing EDR's active projection DLL's by preventing entry point exection☆1,124Updated 3 years ago
- ☆749Updated 2 years ago
- Various ways to execute shellcode☆476Updated 10 months ago
- A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!☆1,275Updated last year
- Another Windows Local Privilege Escalation from Service Account to System☆820Updated 2 years ago
- Azure Outlook Command & Control (C2) - Remotely control a compromised Windows Device from your Outlook mailbox. Threat Emulation Tool for…☆467Updated last year
- Python version of the C# tool for "Shadow Credentials" attacks☆650Updated last month
- Porting of mimikatz sekurlsa::logonpasswords, sekurlsa::ekeys and lsadump::dcsync commands☆985Updated 3 years ago
- Cobalt Strike UDRL for memory scanner evasion.☆895Updated 7 months ago
- Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, …☆832Updated 2 months ago
- Excel Macro Document Reader/Writer for Red Teamers & Analysts☆514Updated 2 years ago
- ☆505Updated 3 years ago
- Proof-of-concept obfuscation toolkit for C# post-exploitation tools☆416Updated 2 years ago
- Various Cobalt Strike BOFs☆600Updated 2 years ago