Our great sponsors
-
macro_pack
macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation. It also provides a lot of helpful features useful for redteam or security research.
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
If you are new to macros and obfuscation in general I recommend you to not use meterpreter as your C2 because there are too many signatures for it. You need an AMSI bypass here + shellcode changes / in memory scanner evasion. Try some of the „newer“ C2 open source tools. If you are using a powershell stager you will most likely only need an AMSI bypass. Build the macro itself manually. You can obfuscate it afterwards using https://github.com/sevagas/macro_pack for example to change the signature. This should work for most AV vendors.
Related posts
- Docx, doc macro rev shell generator?
- hey guys which would be easier to make, a malicious docx or pdf?
- MacroPack - will simplify antimalware solutions bypass and automatize the process from vb source to final Office document or other maldoc payload type. This tool can be used for red teaming, pentests, demos, and social engineering assessments.
- AD privEsc
- Pentest-tool: Simple web deployment for pentest and redteam with simwigo