Amaterasu terminates, or inhibits, protected processes such as application control and AV/EDR solutions by leveraging the Sysinternals Process Explorer driver to kill a process's handles from kernel mode.
☆78 · Feb 23, 2024 · Updated 2 years ago
Alternatives and similar repositories for Amaterasu
Users that are interested in Amaterasu are comparing it to the libraries listed below
- Identify and exploit leaked handles for local privilege escalation. ☆111 · Jun 19, 2023 · Updated 2 years ago
- Hidedump: an lsassdump tool that may bypass EDR ☆51 · May 23, 2024 · Updated last year
- A nim implementation of sRDI ☆20 · Oct 18, 2023 · Updated 2 years ago
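- An auxiliary tool for internal-network lateral movement ☆28 · Mar 26, 2022 · Updated 3 years ago
- A method for forcibly terminating some antivirus processes via process injection (using 360 Safeguard and 360 Antivirus as examples) ☆139 · Dec 26, 2023 · Updated 2 years ago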
- Execute Remote Assembly with args passing and with AMSI and ETW patching. ☆34 · Jul 18, 2025 · Updated 7 months ago
- Titan: A crappy Reflective Loader written in C and assembly for Cobalt Strike. Redirects DNS Beacon over DoH ☆70 · Sep 6, 2021 · Updated 4 years ago
- Reproduction of "EDR's Nightmare: Storm-0978 Uses the New Kernel Injection Technique 'Step Bear'" ☆161 · Oct 27, 2024 · Updated last year
- HVNC for Cobalt Strike ☆1,298 · Dec 7, 2023 · Updated 2 years ago
- 「💀」Proof of concept on BYOVD attack ☆166 · Dec 7, 2024 · Updated last year
- C# havoc implant ☆101 · Feb 12, 2023 · Updated 3 years ago
- CPP AV/EDR Killer ☆480 · Nov 28, 2023 · Updated 2 years ago
- Generate an obfuscated DLL that will disable AMSI & ETW ☆330 · Jul 15, 2024 · Updated last year
- Killer is a super simple tool designed to bypass AV/EDR security tools using various evasive techniques and used by Patchwork group. ☆833 · Jul 2, 2024 · Updated last year
- Exploitation of echo_driver.sys ☆170 · Sep 16, 2023 · Updated 2 years ago
- Cobalt Strike UDRL for memory scanner evasion. ☆1,006 · Jun 4, 2024 · Updated last year
- Kill AV/EDR leveraging BYOVD attack ☆391 · Jul 11, 2023 · Updated 2 years ago
- Collection of Beacon Object Files (BOF) for Cobalt Strike ☆675 · Aug 15, 2025 · Updated 6 months ago
- kill anti-malware protected processes (BYOVD) ☆968 · Jul 21, 2023 · Updated 2 years ago
- Source files for my posts ☆17 · Jun 20, 2023 · Updated 2 years ago
- A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (… ☆180 · Feb 10, 2023 · Updated 3 years ago
- Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes. ☆407 · Aug 22, 2023 · Updated 2 years ago
- ☆153 · Jul 31, 2022 · Updated 3 years ago
- Windows Defender Killer | C++ Code Disabling Permanently Windows Defender using Registry Keys ☆499 · Jul 27, 2023 · Updated 2 years ago
- PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS. ☆568 · Jan 20, 2026 · Updated last month
- 2022 Updated Kernelmode-Code ☆33 · Mar 23, 2024 · Updated last year
- Get fresh Syscalls from a fresh ntdll.dll copy ☆235 · Jan 28, 2022 · Updated 4 years ago
- Terminate AV/EDR Processes using kernel driver ☆352 · Jun 12, 2023 · Updated 2 years ago
- Inject .NET assemblies into an existing process ☆508 · Jan 19, 2022 · Updated 4 years ago
- A post-exploitation AV-evasion tool based on PE Patch technology, mainly supporting x64 ☆354 · Mar 5, 2025 · Updated 11 months ago
- New generation of wmiexec.py ☆1,254 · Jan 5, 2026 · Updated last month
- 64bit Windows 10 shellcode dat pops dat calc - Dynamic & Null Free ☆65 · Mar 8, 2023 · Updated 2 years ago
- kill AV/EDR ☆21 · Jun 9, 2023 · Updated 2 years ago
- Basic interactive Windows kernel offensive toolkit written in C ☆137 · Sep 20, 2025 · Updated 5 months ago
- Just another ntdll unhooking using Parun's Fart technique ☆76 · Feb 15, 2023 · Updated 3 years ago
- This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret … ☆263 · Apr 29, 2023 · Updated 2 years ago
- RDP Credential Provider ☆11 · Oct 29, 2025 · Updated 4 months ago
- NTAPI hook bypass with (semi) legit stack trace ☆19 · May 9, 2023 · Updated 2 years ago
- Host collision tool ☆13 · May 22, 2023 · Updated 2 years ago