Published By
Created On
12 Feb 2020 03:37:44 UTC
Transaction ID
Cost
Safe for Work
Free
Yes
TheFatRat?Office?EvilClippy?MicroSploit??Windows 10 [2019]✅
#TheFatRat #EvilClippy #MicroSploit
A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.
https://github.com/outflanknl/EvilClippy
Evil Clippy
A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.
If you're new to this tool, you might want to start by reading our blog post on Evil Clippy: https://outflank.nl/blog/2019/05/05/evil-clippy-ms-office-maldoc-assistant/
This project should be used for authorized testing or educational purposes only.
Current features
Hide VBA macros from the GUI editor
VBA stomping (P-code abuse)
Fool analyst tools
Serve VBA stomped templates via HTTP
Set/Remove VBA Project Locked/Unviewable Protection
If you have no idea what all of this is, check out the following resources first:
Our MS Office Magic Show presentation at Derbycon 2018
VBA stomping resources by the Walmart security team
Pcodedmp by Dr. Bontchev
How effective is this?
At the time of writing, this tool is capable of getting a default Cobalt Strike macro to bypass all major antivirus products and most maldoc analysis tools (by using VBA stomping in combination with random module names).
Technology
Evil Clippy uses the OpenMCDF library to manipulate MS Office Compound File Binary Format (CFBF) files, and hereto abuses MS-OVBA specifications and features. It reuses code from Kavod.VBA.Compression to implement the compression algorithm that is used in dir and module streams (see MS-OVBA for relevant specifications).
Evil Clippy compiles perfectly fine with the Mono C# compiler and has been tested on Linux, OSX and Windows.
Compilation
A cross-platform compiled binary can be found under "releases".
OSX and Linux Make sure you have Mono installed. Then execute the following command from the command line:
mcs /reference:OpenMcdf.dll,System.IO.Compression.FileSystem.dll /out:EvilClippy.exe *.cs
Now run Evil Clippy from the command line:
mono EvilClippy.exe -h
Windows Make sure you have Visual Studio installed. Then execute the following command from a Visual Studio developer command prompt:
csc /reference:OpenMcdf.dll,System.IO.Compression.FileSystem.dll /out:EvilClippy.exe *.cs
Now run Evil Clippy from the command line:
EvilClippy.exe -h
Usage examples
Print help
EvilClippy.exe -h
Hide/Unhide macros from GUI
Hide all macro modules (except the default "ThisDocument" module) from the VBA GUI editor. This is achieved by removing module lines from the project stream [MS-OVBA 2.3.1].
EvilClippy.exe -g macrofile.doc
Undo the changes done by the hide option (-g) so that we can debug the macr
...
https://www.youtube.com/watch?v=8VR-E6dyqVQ
A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.
https://github.com/outflanknl/EvilClippy
Evil Clippy
A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.
If you're new to this tool, you might want to start by reading our blog post on Evil Clippy: https://outflank.nl/blog/2019/05/05/evil-clippy-ms-office-maldoc-assistant/
This project should be used for authorized testing or educational purposes only.
Current features
Hide VBA macros from the GUI editor
VBA stomping (P-code abuse)
Fool analyst tools
Serve VBA stomped templates via HTTP
Set/Remove VBA Project Locked/Unviewable Protection
If you have no idea what all of this is, check out the following resources first:
Our MS Office Magic Show presentation at Derbycon 2018
VBA stomping resources by the Walmart security team
Pcodedmp by Dr. Bontchev
How effective is this?
At the time of writing, this tool is capable of getting a default Cobalt Strike macro to bypass all major antivirus products and most maldoc analysis tools (by using VBA stomping in combination with random module names).
Technology
Evil Clippy uses the OpenMCDF library to manipulate MS Office Compound File Binary Format (CFBF) files, and hereto abuses MS-OVBA specifications and features. It reuses code from Kavod.VBA.Compression to implement the compression algorithm that is used in dir and module streams (see MS-OVBA for relevant specifications).
Evil Clippy compiles perfectly fine with the Mono C# compiler and has been tested on Linux, OSX and Windows.
Compilation
A cross-platform compiled binary can be found under "releases".
OSX and Linux Make sure you have Mono installed. Then execute the following command from the command line:
mcs /reference:OpenMcdf.dll,System.IO.Compression.FileSystem.dll /out:EvilClippy.exe *.cs
Now run Evil Clippy from the command line:
mono EvilClippy.exe -h
Windows Make sure you have Visual Studio installed. Then execute the following command from a Visual Studio developer command prompt:
csc /reference:OpenMcdf.dll,System.IO.Compression.FileSystem.dll /out:EvilClippy.exe *.cs
Now run Evil Clippy from the command line:
EvilClippy.exe -h
Usage examples
Print help
EvilClippy.exe -h
Hide/Unhide macros from GUI
Hide all macro modules (except the default "ThisDocument" module) from the VBA GUI editor. This is achieved by removing module lines from the project stream [MS-OVBA 2.3.1].
EvilClippy.exe -g macrofile.doc
Undo the changes done by the hide option (-g) so that we can debug the macr
...
https://www.youtube.com/watch?v=8VR-E6dyqVQ
Author
Content Type
Unspecified
video/mp4
Language
Unspecified
More from the publisher
Controlling
VIDEO
?WINP
winpayloads-kali-linux-2019
#Winpayloads #Windows #KaliLinux
What is WinPayloads?
Undetectable Windows Payload Generation
https://github.com/nccgroup/Winpayloads
Winpayloads - Python2.7
Undetectable Windows Payload Generation with extras Running on Python2.7
As usual, Don't upload payloads to any online virus checkers
#MUSIC: Jarico - U (Original Mix)
Docker!
Normal installation is deprecated, Please use docker now.
docker pull charliedean07/winpayloads:latest
docker run -e LANG=C.UTF-8 --net=host -it charliedean07/winpayloads
Features
#UACBypass - PowerShellEmpire https://github.com/PowerShellEmpire/Empire/raw/master/data/module_source/privesc/Invoke-BypassUAC.ps1 Copyright (c) 2015, Will Schroeder and Justin Warner. All rights reserved.
#PowerUp - PowerShellEmpire https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerUp/PowerUp.ps1 Copyright (c) 2015, Will Schroeder and Justin Warner. All rights reserved.
Invoke-#Shellcode https://github.com/PowerShellMafia/PowerSploit/blob/master/CodeExecution/Invoke-Shellcode.ps1 Copyright (c) 2012, Matthew Graeber. All rights reserved.
Invoke-#Mimikatz https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1 Copyright (c) 2012, Matthew Graeber. All rights reserved.
Invoke-EventVwrBypass https://github.com/enigma0x3/Misc-PowerShell-Stuff/blob/master/Invoke-EventVwrBypass.ps1 Matt Nelson (@enigma0x3)
#Persistence - Adds payload persistence on reboot
#Psexec Spray - Spray hashes until successful connection and
psexec payload on target
Upload to local webserver - Easy deployment
#Powershell stager - allows invoking payloads in memory & more
Anti #sandboxing techniques
Custom #shellcode
#Munya
Munya
persistence
#persistence
kali
#kali
linux
#linux
bypass
#bypass
python
#python
undetectable
#undetectable
antivirus
#antivirus
#uac
uac
windows
#windows
msfconsole
#msfconsole
#metsploit
metasploit
powershell
#powershell
netsec
#netsec
...
https://www.youtube.com/watch?v=uS2b6UNqi88
Transaction
Created
2 weeks ago
Content Type
Language
video/mp4
Controlling
VIDEO
BLOCK
blocking-robo-callers-on-iphone-x-with
#iphonex #wideprotect #robocallers
How to block robo callers on iphone x with wide protect:
Step 1: Download https://itunes.apple.com/us/app/wideprotect-spam-call-blocker/id1171024059?mt=8
Step 2: Enable all the ranges to block all robo callers, and done.
...
https://www.youtube.com/watch?v=PKbpfkigSz4
Transaction
Created
2 weeks ago
Content Type
Language
video/mp4
Controlling
VIDEO
?GETW
getwin-fud-wan-payload-generator-windows
#GetWin #Windows 10 #NetCat
Best Price & Best VPN?
https://www.ivacy.com/special-offer-vpn/?aff=90669
Discord: https://discord.gg/MABpJvc
GetWin FUD Payload Generator | Hack Windows WAN
thelinuxchoice/getwin
GetWin v1.0 FUD
FUD Win32 payload generator and listener
https://github.com/thelinuxchoice/getwin
Legal disclaimer:
Usage of GetWin for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
Features
FUD : Fully Undetectable
No Need configure port forwarding, or install others programs, using only ssh and serveo.net.
Usage:
git clone https://github.com/thelinuxchoice/getwin
cd getwin
bash getwin.sh
Install requirements (mingw-w64):
sudo apt-get install mingw-w64
#munya
munya
God Bless U Productions 2019
...
https://www.youtube.com/watch?v=PDi_0T6ZlL4
Transaction
Created
2 weeks ago
Content Type
Language
video/mp4
Controlling
VIDEO
?#VEN
venomgen-windows-kalilinux-2019-1
#VenomGen #Windows #KaliLinux #Kali #Linux
MSFVenom Payload Generator and WAN Listener
https://github.com/thelinuxchoice/venomgen
#MSF
#MSFVenom #PayloadGenerator #WAN
#Payload
#Music
Music:
TroyBoi - Mantra
#TroyBoi
#Mantra
#Venom
#generator
Venom
Generator
Payload Gen
#Windows7
#Win7
Win7
Windows
#thelinuxchoice
thelinuxchoice
#munya
...
https://www.youtube.com/watch?v=FsnTAOgGb-8
Transaction
Created
2 weeks ago
Content Type
Language
video/mp4
Controlling
VIDEO
NYAN
NYAN--CAT-VBS-Crypter-njRAT-FUD---2020-
Nyan CAT VBS Crypter njRAT FUD
Transaction
Created
2 weeks ago
Content Type
Language
video/mp4
English
Controlling
VIDEO
LAZY
lazy-script-v2-1-4-kali-linux-2018
#LAZY #KaliLinux
Disclaimer this is meant for educational purposes only.
All tests are run and conducted on my own computer lab.
I am not responsible nor i am liable for what this tool is used for.
Credits:
https://github.com/arismelachroinos/lscript
...
https://www.youtube.com/watch?v=mfgRGyDL0CQ
Transaction
Created
2 weeks ago
Content Type
Language
video/mp4
Controlling
VIDEO
WE BU
we-buy-houses-fast-cash-riverside-ca-san
Need to Your SoCal House Fast Cash?
http://www.ibuyandsellhousesincali.com/sell-your-house/
We Buy Houses "As-Is" & We Pay Cash. Call Today For A Free Quote!
No Repairs, Painting or Cleaning! Receive a Cash Offer Within 24 hrs.
Services: No Commission, No Closing Costs, Deals Within Days, Sell in Any Condition, No Realtor Needed.
We Buy Any Condition. Any Equity. Riverside. San-Bernardino. Inland Empire. Cali.California.Southern California. Home Buyer! House Buyer!
...
https://www.youtube.com/watch?v=tX3tPVxUsJ8
Transaction
Created
2 weeks ago
Content Type
Language
video/mp4
Controlling
VIDEO
?UPDA
update-kali-linux-2019-4-to-kali-linux
#KaliLinux #Kali #Linux
https://www.kali.org/releases/kali-linux-2020-1-release/
Kali Linux 2020.1 Release
January 28, 2020
g0tmi1k
Kali Linux Releases
We are here to kick off our first release of the decade, with Kali Linux 2020.1! Available for immediate download.
The following is a brief feature summary for this release:
Non-Root by default
Kali single installer image
Kali NetHunter Rootless
Improvements to theme & kali-undercover
New tools.
Kali as your Main OS
So with this, should you use Kali as your daily driver, as the primary OS? It’s up to you.
There wasn’t anything really stopping you before, we just don’t encourage it. We still don’t. But its a helping hand for the people who are familiar with Kali enough.
Why do we not recommend it?
Because we are unable to test for that usage pattern and we don’t want the influx of bug reports that would come with it.
If you are brave enough to try it, you may wish to switch the branch from “rolling” to “kali-last-snapshot” to try and be more stable.
Non-Root
Throughout the history of Kali (and its predecessors BackTrack, WHAX, and Whoppix), the default credentials have been root/toor. This is no more. We are no longer using the superuser account, root, as default in Kali 2020.1. The default user account is now a standard, unprivileged, user.
For more of the reasons behind this switch, please see our previous blog post. As you can imagine, this is a very large change, with years of history behind it. As a result, if you notice any issues with this, please do let us know on the bug tracker.
root/toor is dead. Long live kali/kali.
Kali Linux 2020.1
#munya
munya
God Bless U Productions 2020
...
https://www.youtube.com/watch?v=tCiE35XHPUI
Transaction
Created
2 weeks ago
Content Type
Language
video/mp4
Controlling
VIDEO
SELL
sell-your-house-happy-easter-951-389
Sell Your House|Happy Easter!
https://codings9.wixsite.com/sellyourhousefast
...
https://www.youtube.com/watch?v=au_J2ITDHP8
Transaction
Created
2 weeks ago
Content Type
Language
video/mp4