-
Notifications
You must be signed in to change notification settings - Fork 817
/
CREDITS.txt
16 lines (15 loc) · 1.09 KB
/
CREDITS.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
Special thanks to the following:
Matthew Graeber for the powershell injection technique (http://www.exploit-monday.com/)
Matthew Graeber for the Cert to Binary attack vector
Josh Kelley and David Kennedy for Defcon 18 presentation (powershell encodedcommand bypass)
Justin Elze for the HTA Attack vector
curi0usJack for github pull requests
Shawn Sullivan from TrustedSec for the Obfsucation Help
Sensepost blog: https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/
Download/Exec shellcode: https://www.exploit-db.com/exploits/24318/
DDE Evasion Techniques: http://staaldraad.github.io/2017/10/23/msword-field-codes/
Daniel Bohannon for the switch commands
Matt Nelson (enigma0x3) for this: https://posts.specterops.io/the-tale-of-settingcontent-ms-files-f1ea253e4d39
AMSI Bypass Technique: https://0x00-0x00.github.io/research/2018/10/28/How-to-bypass-AMSI-and-Execute-ANY-malicious-powershell-code.html and https://www.cyberark.com/threat-research-blog/amsi-bypass-redux/
Carlos Perez (@carlos_perez) for the PowerShell ninja knowledge
Kevin Haubris for the help on the evasion techniques in Unicorn