macro_pack
Python-Rootkit
| | macro_pack | Python-Rootkit |
|---|---|---|
| Mentions | 4 | 2 |
| Stars | 1,997 | 549 |
| Growth | - | - |
| Activity | 0.0 | 1.8 |
| Last Commit | almost 2 years ago | 4 months ago |
| Language | Python | Python |
| License | Apache License 2.0 | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
macro_pack
- Docx, doc macro rev shell generator?
- Trying to bypass Antivirus with a malicious Word document (VBA macro attack) stomped with EvilClippy
If you are new to macros and obfuscation in general, I recommend that you not use Meterpreter as your C2, because there are too many signatures for it. You need an AMSI bypass here plus shellcode changes / in-memory scanner evasion. Try some of the "newer" open-source C2 tools. If you are using a PowerShell stager, you will most likely only need an AMSI bypass. Build the macro itself manually. You can obfuscate it afterwards using https://github.com/sevagas/macro_pack, for example, to change the signature. This should work for most AV vendors.
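The comment above hinges on one idea: a literal-string signature matches the macro's text, so rewriting the text (as macro_pack does) breaks the match without changing behaviour, while analysis that looks at structure (the approach of the emulation and p-code tools listed further down) is not fooled so easily. The following is an added toy illustration of that point, not code from the commenter, from macro_pack, or from any AV product. The sample macro, the signature list and the set of protected entry-point names are all constructed for the example; the obfuscator only splits string literals into `Chr()` chains and renames `Dim`-declared variables, a small subset of what a real obfuscator does.

```python
import random
import re

# Constructed sample: a benign macro that launches calc. Not from macro_pack.
SAMPLE_MACRO = '''Sub AutoOpen()
    Dim cmd As String
    cmd = "calc.exe"
    Shell cmd, vbNormalFocus
End Sub
'''

# Constructed toy signature list standing in for literal-string AV rules.
NAIVE_SIGNATURES = ["calc.exe", "Shell cmd", "powershell"]

# Office calls these by name, so an obfuscator must never rename them (assumed set).
VBA_ENTRY_POINTS = {"AutoOpen", "Document_Open", "Auto_Open", "Workbook_Open"}


def split_string_literal(literal: str) -> str:
    """Rewrite the contents of "abc" as Chr(97) & Chr(98) & Chr(99)."""
    if not literal:
        return '""'
    return " & ".join(f"Chr({ord(c)})" for c in literal)


def obfuscate(vba: str, seed: int = 1337) -> str:
    """Toy obfuscator: split every string literal and rename Dim'd variables.

    Limitation: VBA escapes a quote inside a string as "", which this simple
    regex does not handle; the constructed sample contains none.
    """
    rng = random.Random(seed)
    out = re.sub(r'"([^"\n]*)"', lambda m: split_string_literal(m.group(1)), vba)
    for name in re.findall(r'^\s*Dim\s+(\w+)\s+As\b', out, flags=re.MULTILINE):
        if name in VBA_ENTRY_POINTS:
            continue
        new = "v" + "".join(rng.choice("abcdefghijklmnopqrstuvwxyz") for _ in range(8))
        out = re.sub(rf"\b{re.escape(name)}\b", new, out)
    return out


def signature_hits(vba: str, signatures=NAIVE_SIGNATURES) -> list:
    """Case-insensitive substring matching, the weakest form of static detection."""
    low = vba.lower()
    return [s for s in signatures if s.lower() in low]


def chr_density(vba: str) -> float:
    """Fraction of tokens that are Chr(n) calls; string splitting drives this up."""
    tokens = re.findall(r"\w+(?:\(\d+\))?", vba)
    chr_calls = re.findall(r"\bChr\(\d+\)", vba)
    return len(chr_calls) / max(len(tokens), 1)


def analyze(vba: str, density_threshold: float = 0.2) -> dict:
    """Combine the literal signatures with one structural heuristic."""
    hits = signature_hits(vba)
    density = chr_density(vba)
    return {
        "hits": hits,
        "chr_density": round(density, 3),
        "flagged": bool(hits) or density > density_threshold,
    }


if __name__ == "__main__":
    obf = obfuscate(SAMPLE_MACRO)
    print(obf)
    print("original:  ", analyze(SAMPLE_MACRO))
    print("obfuscated:", analyze(obf))
```

Run stand-alone, the original macro trips two of the three literal signatures and the obfuscated copy trips none, which is the effect the commenter is after. The heuristic still flags the obfuscated copy because the obfuscation itself leaves a footprint (a high share of `Chr()` tokens), which is why the page's analysis tools (ViperMonkey emulating the macro, pcodedmp reading the compiled p-code rather than the stomped source) are the more useful comparison point for a defender than string rules.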
Python-Rootkit
- My first python project; a keylogger
As far as hiding it, you could try this to hide the window. You can also use Python-rootkit to hide the Python process.
What are some alternatives?
Amsi-Bypass-Powershell - This repo contains some Amsi Bypass methods i found on different Blog Posts.
Basic-Keylogger
boobsnail - BoobSnail allows generating Excel 4.0 XLM macro. Its purpose is to support the RedTeam and BlueTeam in XLM macro generation.
Pieta - A Remote Administration Tool (RAT)
ViperMonkey - A VBA parser and emulation engine to analyze malicious macros.
git-xl - Git extension: Makes git-diff work for VBA in Excel workbooks (xls* file types)
apooxml - Generate YARA rules for OOXML documents.
teleRAT - Telegram RAT written in Python
impfuzzy - Fuzzy Hash calculated from import API of PE files
tibia_terminator - Auto-heal, auto-mana, auto-haste, auto-utamo, auto-amulet, auto-ring and auto-tank for Tibia Linux client.
pcodedmp - A VBA p-code disassembler
VBA-Macro-Reverse-Shell - Fully functioning reverse shell written entirely in VBA.