This package generates an HTML application that runs a Cobalt Strike payload using an executable, a Powershell command or a VBA script.
- You may choose the Executable option to get an HTML Application that drops an executable to disk and runs it.
- Choose the PowerShell option to get an HTML Application that uses PowerShell to run a payload.
- Use the VBA option to silently spawn a Microsoft Excel instance and run a malicious macro that injects a payload into memory.
Obfuscation and tuning
Consider using the Resource Kit or morph-hta for obfuscation and tuning purposes.