macro_pack
git-xl
macro_pack | git-xl |
---|---|
4 | 2 |
1,997 | 531 |
- | 1.5% |
0.0 | 1.5 |
almost 2 years ago | about 2 months ago |
Python | Python |
Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
macro_pack
- Docx, doc macro rev shell generator?
- Trying to bypass Antivirus with a malicious Word document (VBA macro attack) stomped with EvilClippy
If you are new to macros and obfuscation in general, I recommend that you not use Meterpreter as your C2 because there are too many signatures for it. You need an AMSI bypass here + shellcode changes / in-memory scanner evasion. Try some of the „newer“ C2 open source tools. If you are using a PowerShell stager you will most likely only need an AMSI bypass. Build the macro itself manually. You can obfuscate it afterwards using https://github.com/sevagas/macro_pack for example to change the signature. This should work for most AV vendors.
git-xl
We haven't tracked posts mentioning git-xl yet.
Tracking mentions began in Dec 2020.
What are some alternatives?
Amsi-Bypass-Powershell - This repo contains some Amsi Bypass methods i found on different Blog Posts.
boobsnail - BoobSnail allows generating Excel 4.0 XLM macro. Its purpose is to support the RedTeam and BlueTeam in XLM macro generation.
ViperMonkey - A VBA parser and emulation engine to analyze malicious macros.
xlwings - xlwings is a Python library that makes it easy to call Python from Excel and vice versa. It works with Excel on Windows and macOS as well as with Google Sheets and Excel on the web.
VBA-Macro-Reverse-Shell - Fully functioning reverse shell written entirely in VBA.
tibia_terminator - Auto-heal, auto-mana, auto-haste, auto-utamo, auto-amulet, auto-ring and auto-tank for Tibia Linux client.
pcodedmp - A VBA p-code disassembler
Python-Rootkit - Python Remote Administration Tool (RAT) to gain meterpreter session
git-limiter - ⏱️ Tool to stop you from pushing huge diffs
PowerShell-Obfuscation-Bible - A collection of techniques, examples and a little bit of theory for manually obfuscating PowerShell scripts to achieve AV evasion, compiled for educational purposes. The contents of this repository are the result of personal research, including reading materials online and conducting trial-and-error attempts in labs and pentests.
pyexcel - Single API for reading, manipulating and writing data in csv, ods, xls, xlsx and xlsm files