Running Unicorn Payloads on Other Systems

trustedsec / unicorn

Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18.

https://www.trustedsec.com

Other

3.74k stars 817 forks source link

Running Unicorn Payloads on Other Systems #103

Closed TecTom101 closed 5 years ago

TecTom101 commented 5 years ago

I can make a payload easily thanks to your tool, and it runs perfectly on windows and I can even run it over networks. Although I was wondering if there was a way to run it on other operating systems like Macintosh. If there is, I'd like to know about it and if there isn't, don't crucify me. Thank you!

trustedsec commented 5 years ago

No problem and happy to answer - this is a specific attack against Windows-based systems since it involves injecting into memory using Windows-specific language. It's not designed for OS X. Wouldn't be able to use OS X as it's a PowerShell specific attack (Windows-centric, although it's open source now), and the techniques used specifically target Windows platforms.

Hope that helps!