ThePirateWhoSmellsOfSunflowers
Very cool and useful idea :+1: :sunflower:
Hi, I think it's because the macro needs to be Base64 encoded. As you can see in your screenshot, red lines are not valid VBA code. :sunflower:
Rewrite the macro to be valid VBA code ;) In my opinion, if you want to bypass antivirus you need to write your own obfuscation method. For example start to...
Hi, Have you tried [this workaround](https://github.com/EmpireProject/Empire/issues/563#issuecomment-336529523)? I'm not sure if it's the same issue, but worth a try. :sunflower:
Hi, is your agent an administrator? :sunflower:
Currently, the module does not work on W8.1. The launcher is ok, `Invoke-SluiBypass -command "powershellcmd` is ok, but if you try `Invoke-SluiBypass -command "powershell -NoP -NonI -w Hidden -enc [...]...
Good idea, however, how do you manage staging? One staging URL and then the agent downloads the list on the "endpoints"? And if the stage 1 fails, it's...
Whoah nice to see you are working hard on it! > [..] support for all the infrastructure minus the stagers [..] Does "stagers" mean "launcher" for you? (or is "stager"...
Hi, I don't really understand the difference between your links and the modules already implemented such as `persistence/userland/registry`. This module is already fileless if I remember correctly. The solution provided...
Hi, > To clarify the module stores the PowerShell agent/payload within the start up registry key, the existing module already does that > key is then saved with a NULL...