GhostDelivery is a python script to generate obfuscated .vbs script that delivers payload (payload dropper) with persistence and windows antivirus disabling functions.
Heavy
Downloads payload to TEMP directory and executes payload to bypass windows smart screen. Disables Defender,
UAC/user account control, Defender Notifications, injects/creates Command Prompt and Microsoft Edge shortcuts with payload path (%TEMP%/payload.exe) to execute payload when opened, adds a scheduled task called “WindowsDefender” for payload to be run at login and obfuscates the vbs delivery script.
GhostDelivery has a serveo function to deliver obfuscated vbs script.
Also Read – VTHunting : A Tiny Script Used to Generate Report About Virus Total Hunting
Medium
The medium option only delivers/executes payload, creates a scheduled task named “WindowsDefender” to run payload at login for persistence, disables UAC and injects/creates Command Prompt and Microsoft Edge shortcuts with payload path.
The light option only delivers/executes payload, creates a scheduled task named “WindowsDefender” to run payload at login for persistence and injects/creates Command Prompt and Microsoft Edge shortcuts with payload path. Prerequisites/requirements:
*Python 2.7, Modules imported in script. (random, sys, string, os, time, base64)
bomber is an application that scans SBOMs for security vulnerabilities. So you've asked a vendor…
Embed a payload within a PNG file by splitting the payload across multiple IDAT sections.…
Exploit-Street, where we dive into the ever-evolving world of cybersecurity with a focus on Local…
Shadow Dumper is a powerful tool used to dump LSASS (Local Security Authority Subsystem Service)…
shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…
Extract and execute a PE embedded within a PNG file using an LNK file. The…