Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy’s loader does this by utilizing programmatical access in the VBA object environment to load, decrypt and execute shellcode.
☆745Aug 18, 2023Updated 2 years ago
Alternatives and similar repositories for Ivy
Users that are interested in Ivy are comparing it to the libraries listed below
Sorting:
- ScareCrow - Payload creation framework designed around EDR bypass.☆2,874Aug 18, 2023Updated 2 years ago
- Cobalt Strike UDRL for memory scanner evasion.☆1,006Jun 4, 2024Updated last year
- KaynLdr is a Reflective Loader written in C/ASM☆555Dec 3, 2023Updated 2 years ago
- evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)☆1,498Dec 21, 2023Updated 2 years ago
- A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file form…☆1,097Jun 10, 2024Updated last year
- SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.☆1,201Apr 16, 2025Updated 10 months ago
- A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin…☆536Aug 1, 2022Updated 3 years ago
- A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!☆1,401Nov 22, 2023Updated 2 years ago
- Inject .NET assemblies into an existing process☆508Jan 19, 2022Updated 4 years ago
- A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techni…☆1,370Oct 27, 2023Updated 2 years ago
- Template-Driven AV/EDR Evasion Framework☆1,779Nov 3, 2023Updated 2 years ago
- RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, …☆501Jan 25, 2022Updated 4 years ago
- Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods☆1,470Aug 18, 2023Updated 2 years ago
- The swiss army knife of LSASS dumping☆2,072Sep 17, 2024Updated last year
- Hellsgate + Halosgate/Tartarosgate. Ensures that all systemcalls go through ntdll.dll☆499Feb 3, 2022Updated 4 years ago
- ☆1,787Aug 30, 2024Updated last year
- Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL) to avoid detection from EDRs☆1,230Aug 18, 2023Updated 2 years ago
- Remote operations commands implemented using Beacon Object Files☆1,120Updated this week
- Cobalt Strike BOF that spawns a sacrificial process, injects it with shellcode, and executes payload. Built to evade EDR/UserLand hooks b…☆470Mar 8, 2023Updated 2 years ago
- Nim-based assembly packer and shellcode loader for opsec & profit☆488Feb 24, 2023Updated 3 years ago
- FrostByte is a POC project that combines different defense evasion techniques to build better redteam payloads☆385Apr 16, 2022Updated 3 years ago
- KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default…☆1,630Aug 6, 2022Updated 3 years ago
- OfensivePipeline allows you to download and build C# tools, applying certain modifications in order to improve their evasion for Red Team…☆820Oct 27, 2023Updated 2 years ago
- ☆540Nov 20, 2021Updated 4 years ago
- A .NET Runtime for Cobalt Strike's Beacon Object Files☆771Sep 4, 2024Updated last year
- Framework for Kerberos relaying☆937May 29, 2022Updated 3 years ago
- ☆2,168Feb 21, 2023Updated 3 years ago
- Open-Source Shellcode & PE Packer☆2,069Feb 3, 2024Updated 2 years ago
- C# Reflective loader for unmanaged binaries.☆446Jan 25, 2023Updated 3 years ago
- Project Ares is a Proof of Concept (PoC) loader written in C/C++ based on the Transacted Hollowing technique☆337Jan 16, 2022Updated 4 years ago
- A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC☆374May 24, 2022Updated 3 years ago
- A tool to kill antimalware protected processes☆1,506Jun 19, 2021Updated 4 years ago
- Evasive shellcode loader for bypassing event-based injection detection (PoC)☆824Aug 23, 2021Updated 4 years ago
- ☆208Feb 24, 2022Updated 4 years ago
- .NET, PE, & Raw Shellcode Packer/Loader Written in Nim☆816Jan 20, 2023Updated 3 years ago
- SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature…☆1,255Aug 27, 2023Updated 2 years ago
- A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from …☆1,080Jul 26, 2021Updated 4 years ago
- Windows Privilege Escalation from User to Domain Admin.☆1,439Dec 18, 2022Updated 3 years ago
- SysWhispers on Steroids - AV/EDR evasion via direct system calls.☆1,592Jul 31, 2024Updated last year