this doesnt work

[Cyb3rDudu]

What doesn't work? @koetje07 please be more specific

[koetje07]

When I do the steps as in setup sliver C2 and namacro usage, I have the two jobs running, then I copy and paste the vba code into my word vba editor. when I try to save I get the popup from microsoft word saying "word cannot complete the save due to a file permissions error", defender instantly pops up, and regonzes the file as being a trojan, then instantly deletes the word file.

[Cyb3rDudu]

Yes of course. This is expected behavior. You have to implement av evasion in the vba code and in the dotnet assembly as well. I encourage you to learn how to do that.

[koetje07]

can you guide me on how to achieve full evasion?

[Cyb3rDudu]

Naaaa, this is a wide area.. You are smart enough to figure that out. You need a working amsi bypass and checks to see if you are in a simulator to stop execution.