Skip to content

vivami/OutlookParasite

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
OutlookExtension
OutlookExtension
 
 
.gitignore
.gitignore
 
 
Outlook-Parasite.ps1
Outlook-Parasite.ps1
 
 
README.md
README.md
 
 

Repository files navigation

OutlookParasite

This is a method that misuses Outlook Add-in functionality to obtain (unprivileged) persistence using Outlook (or other Office programs). This method also bypasses the "ClickOnce" install pop-up that you'd normally get when installing an unsigned Outlook Add-in. This is pretty stealth I guess, since you're living inside an Outlook process and are started once Outlook is started by the user (every morning?). It's also not detected by Sysinternals' Autoruns. More information here.

Usage

  1. Compile the .sln and copy everything in the Release directory except for the .pdo to the target machine in some directory (i.e. C:\ProgramData\).
  2. Execute the Install-OutlookAddin -PayloadPath C:\ProgramData\<OutlookAddinNameYouCanChooseYourself>.vsto

To clean up, run Remove-OutlookAddin and delete the files on disk.

About

Outlook persistence using VSTO add-ins

Resources

Readme
Activity

Stars

83 stars

Watchers

8 watching

Forks

22 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages