An interesting tool that abuses build events in Visual Studio projects to execute a remote payload specified by PowerShell code injected into the VS project file. This project is based on a Visual Studio exploit that North Korean hackers used to poison a Visual Studio project file so that it would execute a payload upon startup.
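A defender-side check for the technique described above, as an added example that is not part of the tool or the original page: it lists every command a project file asks MSBuild to run (`PreBuildEvent`, `PostBuildEvent`, `Exec` tasks) and flags those matching a token list. The function names, the token list and both sample files are assumptions constructed for illustration.

```python
import re
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# Tokens that rarely belong in a build step; an assumed starting list, tune it for your code base.
SUSPICIOUS = re.compile(
    r"powershell|pwsh|cmd(\.exe)?\s+/c|rundll32|regsvr32|mshta|certutil|bitsadmin|"
    r"schtasks|https?://|-enc(odedcommand)?\b",
    re.IGNORECASE,
)

def build_commands(project_xml):
    """Yield (element, command) for each place the project makes MSBuild run a command."""
    for el in ET.fromstring(project_xml).iter():
        name = el.tag.rsplit("}", 1)[-1]  # drop the namespace of old-style project files
        if name in ("PreBuildEvent", "PostBuildEvent") and (el.text or "").strip():
            yield name, el.text.strip()
        elif name == "Exec" and el.get("Command"):
            yield name, el.get("Command")

def audit(project_xml):
    """Return (element, command, matched tokens) for every suspicious build command."""
    findings = []
    for name, cmd in build_commands(project_xml):
        hits = sorted({m.group(0).lower() for m in SUSPICIOUS.finditer(cmd)})
        if hits:
            findings.append((name, cmd, hits))
    return findings

# Constructed samples: a harmless stand-in for a poisoned file, and a clean SDK-style file.
POISONED_SAMPLE = """<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <PropertyGroup>
    <PreBuildEvent>powershell.exe -NoProfile -Command "Write-Output constructed-sample"</PreBuildEvent>
  </PropertyGroup>
</Project>"""
CLEAN_SAMPLE = """<Project Sdk="Microsoft.NET.Sdk">
  <Target Name="Stage" AfterTargets="Build">
    <Exec Command="echo built $(TargetName)" />
  </Target>
</Project>"""

if __name__ == "__main__":
    # Usage: python audit_proj.py <source tree>; run it before opening untrusted code in Visual Studio.
    root = Path(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path in (p for p in root.rglob("*.*proj") if p.is_file()):
        try:
            for name, cmd, hits in audit(path.read_text(encoding="utf-8-sig", errors="replace")):
                print(f"{path}: {name} {hits}: {cmd}")
        except ET.ParseError as exc:
            print(f"{path}: not well-formed XML ({exc})")
```

A hit is a prompt for manual review, not a verdict: legitimate projects do call scripts from build steps, and a command can be obfuscated past any token list.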
Features
Poison vbproj/csproj file by injecting malicious code
Poisoned file retrieves the remote payload via a direct download link
Schtasks persistence
Startup persistence
Disable Windows Defender (in progress)
Fake error message & demonstration
OS: Windows
Download: