macro_pack
ViperMonkey
macro_pack | ViperMonkey
---|---
4 | 1
1,997 | 1,018
- | -
0.0 | 0.0
almost 2 years ago | about 1 month ago
Python | Python
Apache License 2.0 | -
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
macro_pack
- Docx, doc macro rev shell generator?
- hey guys which would be easier to make, a malicious docx or pdf?
- MacroPack - will simplify antimalware solutions bypass and automatize the process from vb source to final Office document or other maldoc payload type. This tool can be used for red teaming, pentests, demos, and social engineering assessments.
- Trying to bypass Antivirus with a malicious Word document (VBA macro attack) stomped with EvilClippy
If you are new to macros and obfuscation in general I recommend you not use meterpreter as your C2 because there are too many signatures for it. You need an AMSI bypass here + shellcode changes / in-memory scanner evasion. Try some of the "newer" open source C2 tools. If you are using a PowerShell stager you will most likely only need an AMSI bypass. Build the macro itself manually. You can obfuscate it afterwards using https://github.com/sevagas/macro_pack for example to change the signature. This should work for most AV vendors.
ViperMonkey
What are some alternatives?
Amsi-Bypass-Powershell - This repo contains some Amsi Bypass methods i found on different Blog Posts.
pyWhat - 🐸 Identify anything. pyWhat easily lets you identify emails, IP addresses, and more. Feed it a .pcap file or some text and it'll tell you what it is! 🧙♀️
boobsnail - BoobSnail allows generating Excel 4.0 XLM macro. Its purpose is to support the RedTeam and BlueTeam in XLM macro generation.
unipacker - Automatic and platform-independent unpacker for Windows binaries based on emulation
git-xl - Git extension: Makes git-diff work for VBA in Excel workbooks (xls* file types)
oletools - oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
VBA-Macro-Reverse-Shell - Fully functioning reverse shell written entirely in VBA.
manticore - Symbolic execution tool
tibia_terminator - Auto-heal, auto-mana, auto-haste, auto-utamo, auto-amulet, auto-ring and auto-tank for Tibia Linux client.
verifydump - A tool for verifying that .chd/.rvz disc images match Redump Datfiles
pcodedmp - A VBA p-code disassembler
bind9_parser - Bind9 Parser in Python that can process all of ISC Bind configuration files