Bypass AMSI and Executing PowerShell scripts from C# - using CyberArk's method to bypass AMSI
☆31Feb 22, 2020Updated 6 years ago
Alternatives and similar repositories for HideFromAMSI
Users that are interested in HideFromAMSI are comparing it to the libraries listed below
Sorting:
- PoC: process watcher patterns to make killing a process hard.☆11Aug 1, 2018Updated 7 years ago
- C# Shellcode Runner to execute shellcode via CreateRemoteThread and SetThreadContext to evade Get-InjectedThread☆119Apr 9, 2019Updated 6 years ago
- ☆14Sep 22, 2019Updated 6 years ago
- Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load().☆219Mar 5, 2020Updated 6 years ago
- WMI Event Subscription Persistence in C#☆112May 29, 2019Updated 6 years ago
- Extracts all base64 ticket data from a rubeus /dump file and converts the tickets to ccache files for easy use with other tools.☆66Oct 3, 2020Updated 5 years ago
- ☆76Jul 30, 2024Updated last year
- DInvisibleRegistry☆83Nov 20, 2020Updated 5 years ago
- C# DCOM Execution☆17Aug 4, 2019Updated 6 years ago
- Aggressor Script to Execute Assemblies from Github☆71Nov 30, 2020Updated 5 years ago
- A repo to hold any bypasses I work on/study/whatever☆19Dec 30, 2020Updated 5 years ago
- External C2 Using IE COM Objects☆100Feb 24, 2019Updated 7 years ago
- ☆28Dec 28, 2017Updated 8 years ago
- Run shellcode from resource☆259Dec 13, 2020Updated 5 years ago
- .Net Assembly to block ETW telemetry in current process☆81May 14, 2020Updated 5 years ago
- Kill AMSI in a remote process PoC☆10Aug 18, 2018Updated 7 years ago
- ☆11Apr 23, 2019Updated 6 years ago
- Reflective DLL loading of your favorite Golang program☆173Jan 27, 2020Updated 6 years ago
- Create a C++ PE which loads an XTEA-crypted .NET PE shellcode in memory.☆17Sep 29, 2018Updated 7 years ago
- RunPE using Hell's Gate technique.☆32Dec 4, 2020Updated 5 years ago
- inject or convert shellcode to PE☆41Oct 14, 2019Updated 6 years ago
- ** DISCONTINUED ** C2 framework that uses Background Intelligent Transfer Service (BITS) as communication protocol and Direct Syscalls + …☆218Dec 8, 2022Updated 3 years ago
- Reflectively load PE☆106Aug 4, 2020Updated 5 years ago
- simple demo of using C# & System.Management.Automation.dll to run powershell code (b64 encoded) without powershell.exe☆14Mar 29, 2017Updated 8 years ago
- Apfell C2 Server for the Google Chrome Extension Payload☆12Aug 12, 2020Updated 5 years ago
- Call your own DLL from VBA and execute code under process svchost.exe with WMI☆12Mar 6, 2020Updated 6 years ago
- CVE-2019-1064 Local Privilege Escalation Vulnerability☆11Jun 12, 2019Updated 6 years ago
- New UAC bypass for Silent Cleanup for CobaltStrike☆191Jul 14, 2021Updated 4 years ago
- (Small change to make it easier to test the payload and combine it with SILENTTRINITY.)A tool for generating .NET serialized gadgets that…☆43Mar 2, 2020Updated 6 years ago
- Simple remote administration tool. Written in c++ and MASM.☆18May 16, 2018Updated 7 years ago
- dem sharp donuts☆202Sep 11, 2022Updated 3 years ago
- A tool to run .Net DLLs from the command line☆105Oct 23, 2018Updated 7 years ago
- Small POC written in C# that performs shellcode injection on x64 processes using direct syscalls as a way to bypass user-land EDR hooks.☆85Dec 20, 2019Updated 6 years ago
- C# PoC implementation for bypassing AMSI via in memory patching☆66Jul 20, 2020Updated 5 years ago
- ☆67Dec 19, 2018Updated 7 years ago
- ☆54Apr 27, 2019Updated 6 years ago
- A .NET tool that uses AppDomain's to enable dynamic execution and escape detection.☆29Nov 25, 2019Updated 6 years ago
- A simple C implementation to decoded your shellcode and writes it directly to memory☆98Jul 10, 2020Updated 5 years ago
- Code that can be used to create/steal/manipulate token contexts in a program. Can be implemented into other C# projects.☆12Jan 3, 2019Updated 7 years ago