MSI-Exploit-k4
MSI-Exploit-k4 Next-Gen Red Team Framework for MSI-Based Pr...
Acheron - Indirect Syscalls For AV/EDR Evasion In Go Assembly
Acheron is a library inspired by SysWhisper3/FreshyCalls/RecycledGate, with most of the functionality implemented in Go assembly. The acheron package can be used to add indirect syscall capabilities to your Golang tradecraft, to bypass AV/EDRs that make use of usermode hooks and instrumentation...
Uncommon infection methods—part 2
Introduction Although ransomware is still a hot topic on which we will keep on publishing, we also investigate and publish about other threats. Recently we explored the topic of infection methods, including malvertising and malicious downloads. In this blog post, we provide excerpts from the rece...
BeatRev - POC For Frustrating/Defeating Malware Analysts
BeatRev Version 2 Disclaimer/Liability The work that follows is a POC to enable malware to "key" itself to a particular victim in order to frustrate efforts of malware analysts. I assume no responsibility for malicious use of any ideas or code contained within this project. I provide this researc...
OffensiveVBA - Code Execution And AV Evasion Methods For Macros In Office Documents
In preparation for a VBS AV Evasion Stream/Video I was doing some research for Office Macro code execution methods and evasion techniques. The list got longer and longer and I found no central place for offensive VBA templates - so this repo can be used for such. It is very far away from being...
Nimcrypt2 - .NET, PE, And Raw Shellcode Packer/Loader Written In Nim
Nimcrypt2 is yet another PE packer/loader designed to bypass AV/EDR. It is an improvement on my original Nimcrypt project, with the main improvements being the use of direct syscalls and the ability to load regular PE files as well as raw shellcode. Before going any further, I must acknowledge...
BRATA Android Trojan Updated with ‘Kill Switch’ that Wipes Devices
New variants of the BRATA banking trojan have been targeting global Android devices since November with advanced features, including the ability to wipe devices after stealing user data, tracking devices via GPS, and novel obfuscation techniques, researchers have found. The remote access trojan...
Purple Fox Rootkit Dropped by Malicious Telegram Installers
A malicious Telegram instant-messaging app installer scurries past a slew of antivirus (AV) engines to deliver Purple Fox malware, evading detection by separating the attack into bite-sized morsels that fly under the radar. In a Monday report, Minerva Labs said that the attack evades detection by A...
Experts Warn About Ongoing AutoHotkey-Based Malware Attacks
Cybersecurity researchers have uncovered an ongoing malware campaign that heavily relies on the AutoHotkey (AHK) scripting language to deliver multiple remote access trojans (RATs) such as Revenge RAT, LimeRAT, AsyncRAT, Houdini, and Vjw0rm on target Windows systems. At least four different versions of th...
HTTP-revshell - Powershell Reverse Shell Using HTTP/S Protocol With AMSI Bypass And Proxy Aware
HTTP-revshell is a tool focused on red team exercises and pentesters. This tool provides a reverse connection through the HTTP/S protocol. It uses a covert channel to gain control over the victim machine through web requests and thus evade solutions such as IDS, IPS and AV. Help server.py unisessio...
Faxhell - A Bind Shell Using The Fax Service And A DLL Hijack
A Proof-of-Concept bind shell using the Fax service and a DLL hijack based on Ualapi.dll. See our writeup at: https://windows-internals.com/faxing-your-way-to-system/ How to use Build Ualapi.dll and place in c:\windows\system32 Start the Fax service, which will load the DLL and call the export...
Stealthy Malware Flies Under AV Radar with Advanced Obfuscation
Researchers warn that hackers are putting a new spin on old injection techniques and successfully end-running endpoint protection. They are tracking a campaign that kicked off in January and is still going strong, exploiting weaknesses in web browsers. The objective is to hide in the background of...
CarbonCopy - A Tool Which Creates A Spoofed Certificate Of Any Online Website And Signs An Executable For AV Evasion
A tool which creates a spoofed certificate of any online website and signs an Executable for AV Evasion. Works for both Windows and Linux. Download CarbonCopy...
Phantom Evasion - Python AV Evasion Tool Capable To Generate FUD Executable Even With The Most Common 32 Bit Metasploit Payload (Exe/Elf/Dmg/Apk)
Phantom-Evasion is an interactive antivirus evasion tool written in Python, capable of generating almost FUD executables even with the most common 32-bit msfvenom payloads (with a lower detection ratio for 64-bit payloads). The aim of this tool is to make antivirus evasion an easy task for pentesters through...
Adwind RAT Scurries By AV Software With New DDE Variant
A newly-discovered spam campaign is spreading the Adwind 3.0 remote-access tool (RAT) – and using a fresh take on the Dynamic Data Exchange (DDE) code-injection technique for anti-virus evasion. The spam campaign features two types of droppers that leverage a new variant of the already-known DDE...
Luckystrike - A PowerShell based utility for the creation of malicious Office macro documents
A PowerShell-based utility for the creation of malicious Office macro documents. To be used for pentesting or educational purposes only. Luckystrike is a menu-driven, SET-style PowerShell-based generator of malicious .xls and .doc documents. All your payloads are saved into a database for easy...
Advanced Stealthy Dropper: Dr0p1t Framework
Advanced Stealthy Dropper In short, a dropper is a type of trojan that downloads other malware, and Dr0p1t gives you the chance to create a stealthy dropper that bypasses most AVs and has a lot of tricks. Features + Generated executable properties: The executable size is smaller compared to other...
HERCULES - A Special Payload Generator That Can Bypass Antivirus Softwares
HERCULES is a customizable payload generator that can bypass antivirus software. INSTALLATION SUPPORTED PLATFORMS: Operating system | Version ---|--- Ubuntu | 16.04 / 15.10 Kali Linux | Rolling / Sana Manjaro | Arch Linux | Black Arch | Parrot OS | 3.1 go get github.com/fatih/color go run Setup....
Special Customizable Payload Generator: Hercules
Special Customizable Payload Generator HERCULES is a special customizable payload generator that can bypass all antivirus software. Installation Supported Platforms: Operating system | Version ---|--- Ubuntu | 16.04 / 15.10 Kali Linux | Rolling / Sana Manjaro | Arch Linux | Black Arch | Parrot OS...
Metasploit AV Evasion - Metasploit payload generator that avoids most Anti-Virus products
Metasploit payload generator that avoids most Anti-Virus products. Installing: git clone https://github.com/nccgroup/metasploitavevasion.git, then chmod +x the avoid.sh file before use. How To Use: ./avoid.sh, then follow the on-screen prompts. Features: Easily generate a Metasploit executable payload to...