This month I’ve added two modules for our November 2015 V-Day, and both relate to our PowerShell payloads!
First, I built on top of our download-and-inject HTTP PowerShell module and added the ability to download code on the fly from an HTTPS server. This module will download code from HTTPS-protected web servers that are not using a valid cert (read: self-signed).
Next, another auxiliary module was added to Veil-Evasion. We built the module on khr0x40sh’s blog post, in which Veil-Evasion’s powershell/shellcode_inject/virtual payload was converted into macro code. This new auxiliary module simply takes the steps documented in the blog post and automates the process. It outputs a text file containing code that just needs to be pasted in, and you will then have a valid working macro. The only option you need to specify is whether you are going to run the code on an x86 or x64 system.
We hope that this helps, and we still have plenty more modules for future releases! Let me know in #Veil on freenode if you have any questions!