Amaterasu terminates, or inhibits, protected processes such as application control and AV/EDR solutions by leveraging the Sysinternals Process Explorer driver to kill a process's handles from kernel mode.
☆78 · Feb 23, 2024 · Updated 2 years ago
Alternatives and similar repositories for Amaterasu
Users that are interested in Amaterasu are comparing it to the libraries listed below.
- Identify and exploit leaked handles for local privilege escalation. ☆111 · Jun 19, 2023 · Updated 2 years ago
- Hidedump: an lsassdump tool that may bypass EDR ☆51 · May 23, 2024 · Updated last year
- ☆25 · Jun 13, 2022 · Updated 3 years ago
- A method for forcibly terminating some antivirus processes via process injection (using 360 Safeguard and 360 Antivirus as examples) ☆138 · Dec 26, 2023 · Updated 2 years ago
- Execute Remote Assembly with args passing and with AMSI and ETW patching. ☆34 · Jul 18, 2025 · Updated 8 months ago
- Reproduction of "EDR's Nightmare: Storm-0978 Uses the New Kernel Injection Technique 'Step Bear'" ☆161 · Oct 27, 2024 · Updated last year
- An auxiliary tool for lateral movement in internal networks ☆28 · Mar 26, 2022 · Updated 3 years ago
- kill AV/EDR ☆21 · Jun 9, 2023 · Updated 2 years ago
- CPP AV/EDR Killer ☆480 · Nov 28, 2023 · Updated 2 years ago
- Bring Your Own Vulnerable Driver for PatchGuard & Driver Signature Enforcement ☆15 · Apr 6, 2024 · Updated last year
- A nim implementation of sRDI ☆20 · Oct 18, 2023 · Updated 2 years ago
- BOF that runs an exe in memory ☆31 · Jun 19, 2023 · Updated 2 years ago
- Exploitation of echo_driver.sys ☆170 · Sep 16, 2023 · Updated 2 years ago
- HVNC for Cobalt Strike ☆1,304 · Dec 7, 2023 · Updated 2 years ago
- NTAPI hook bypass with (semi) legit stack trace ☆19 · May 9, 2023 · Updated 2 years ago
- Kill Everything AV/EDR ☆27 · Nov 18, 2024 · Updated last year
- Titan: A crappy Reflective Loader written in C and assembly for Cobalt Strike. Redirects DNS Beacon over DoH ☆71 · Sep 6, 2021 · Updated 4 years ago
- Security product hook detection ☆327 · Mar 30, 2021 · Updated 4 years ago
- Killer is a super simple tool designed to bypass AV/EDR security tools using various evasive techniques and used by Patchwork group. ☆835 · Jul 2, 2024 · Updated last year
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space ☆136 · Jan 2, 2023 · Updated 3 years ago
- Bypass EDR Create TaskServers ☆39 · Dec 24, 2022 · Updated 3 years ago
- Porting of NPPSPY by Grzegorz Tworek to 'man in the middle' the user logon process, and store the user's name and password in an unassumi… ☆19 · Apr 24, 2023 · Updated 2 years ago
- some AV / EDR / analysis studies ☆10 · May 21, 2023 · Updated 2 years ago
- Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes. ☆408 · Mar 16, 2026 · Updated last week
- A post-exploitation AV-evasion tool based on PE patching, mainly supporting x64 ☆355 · Mar 5, 2025 · Updated last year
- Cobalt Strike Beacon Object File (BOF) that obtain SYSTEM privilege with SeImpersonate privilege by passing a malicious IUnknown object t… ☆98 · Mar 20, 2023 · Updated 3 years ago
- Simulate per-process disconnection in red team environments ☆113 · Jun 6, 2025 · Updated 9 months ago
- 「💀」Proof of concept on BYOVD attack ☆166 · Dec 7, 2024 · Updated last year
- kill anti-malware protected processes ( BYOVD ) ☆968 · Jul 21, 2023 · Updated 2 years ago
- Generate an obfuscated DLL that will disable AMSI & ETW ☆331 · Jul 15, 2024 · Updated last year
- ProcExp Driver (Ab)use ☆22 · Dec 28, 2022 · Updated 3 years ago
- Collection of Beacon Object Files (BOF) for Cobalt Strike ☆681 · Aug 15, 2025 · Updated 7 months ago
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR … ☆301 · Jul 31, 2024 · Updated last year
- This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret … ☆263 · Apr 29, 2023 · Updated 2 years ago
- MSFRottenPotato built as a Reflective DLL. Work in progress. Gotta love Visual C++ ☆31 · Oct 25, 2018 · Updated 7 years ago
- Remote Download and Memory Execute for shellcode framework ☆97 · Nov 6, 2022 · Updated 3 years ago
- A more advanced free and open .NET obfuscator using dnlib. ☆10 · Oct 4, 2022 · Updated 3 years ago
- Remove AV/EDR Kernel ObRegisterCallbacks, CmRegisterCallback, MiniFilter Callback, PsSetCreateProcessNotifyRoutine Callback, PsSetCreateThrea… ☆1,296 · Jun 21, 2024 · Updated last year
- Cobalt Strike UDRL for memory scanner evasion. ☆1,008 · Jun 4, 2024 · Updated last year