Amaterasu terminates, or inhibits, protected processes such as application control and AV/EDR solutions by leveraging the Sysinternals Process Explorer driver to kill a process's handles from kernel mode.
☆80 · Feb 23, 2024 · Updated 2 years ago
Alternatives and similar repositories for Amaterasu
Users that are interested in Amaterasu are comparing it to the libraries listed below.
- Identify and exploit leaked handles for local privilege escalation. ☆110 · Jun 19, 2023 · Updated 2 years ago
- Hidedump: an lsass dump tool that may bypass EDR ☆51 · May 23, 2024 · Updated last year
- ☆25 · Jun 13, 2022 · Updated 3 years ago
- A method of forcibly terminating some antivirus processes via process injection (using 360 Safeguard and 360 Antivirus as examples) ☆140 · Dec 26, 2023 · Updated 2 years ago
- Execute Remote Assembly with args passing and with AMSI and ETW patching. ☆34 · Jul 18, 2025 · Updated 8 months ago
- Reproduction of "EDR's Nightmare: Storm-0978 Uses the New Kernel Injection Technique 'Step Bear'" ☆161 · Oct 27, 2024 · Updated last year
- An auxiliary tool for lateral movement in internal networks ☆28 · Mar 26, 2022 · Updated 4 years ago
- kill AV/EDR ☆20 · Jun 9, 2023 · Updated 2 years ago
- Bring Your Own Vulnerable Driver for PatchGuard & Driver Signature Enforcement ☆15 · Apr 6, 2024 · Updated 2 years ago
- CPP AV/EDR Killer ☆481 · Nov 28, 2023 · Updated 2 years ago
- A nim implementation of sRDI ☆20 · Oct 18, 2023 · Updated 2 years ago
- BOF that runs an exe in memory ☆31 · Jun 19, 2023 · Updated 2 years ago
- Exploitation of echo_driver.sys ☆170 · Sep 16, 2023 · Updated 2 years ago
- NTAPI hook bypass with (semi) legit stack trace ☆19 · May 9, 2023 · Updated 2 years ago
- HVNC for Cobalt Strike ☆1,314 · Dec 7, 2023 · Updated 2 years ago
- Kill Everything AV/EDR ☆27 · Nov 18, 2024 · Updated last year
- Titan: A crappy Reflective Loader written in C and assembly for Cobalt Strike. Redirects DNS Beacon over DoH ☆71 · Sep 6, 2021 · Updated 4 years ago
- Security product hook detection ☆328 · Mar 30, 2021 · Updated 5 years ago
- Killer is a super simple tool designed to bypass AV/EDR security tools using various evasive techniques and used by Patchwork group. ☆835 · Jul 2, 2024 · Updated last year
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space ☆135 · Jan 2, 2023 · Updated 3 years ago
- Bypass EDR Create TaskServers ☆39 · Dec 24, 2022 · Updated 3 years ago
- some AV / EDR / analysis studies ☆10 · May 21, 2023 · Updated 2 years ago
- Porting of NPPSPY by Grzegorz Tworek to 'man in the middle' the user logon process, and store the user's name and password in an unassumi… ☆19 · Apr 24, 2023 · Updated 2 years ago
- Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes. ☆410 · Mar 16, 2026 · Updated 3 weeks ago
- A post-exploitation AV-evasion tool based on PE patching, mainly supporting x64 ☆356 · Mar 5, 2025 · Updated last year
- Cobalt Strike Beacon Object File (BOF) that obtains SYSTEM privilege with SeImpersonate privilege by passing a malicious IUnknown object t… ☆99 · Mar 20, 2023 · Updated 3 years ago
- Hey! This is where the code used in the official account is stored ☆10 · Jun 21, 2024 · Updated last year
- Source files for my posts ☆17 · Jun 20, 2023 · Updated 2 years ago
- Simulate per-process disconnection in red team environments ☆113 · Jun 6, 2025 · Updated 10 months ago
- 「💀」Proof of concept on BYOVD attack ☆166 · Dec 7, 2024 · Updated last year
- kill anti-malware protected processes (BYOVD) ☆973 · Jul 21, 2023 · Updated 2 years ago
- Generate an obfuscated DLL that will disable AMSI & ETW ☆331 · Jul 15, 2024 · Updated last year
- ProcExp Driver (Ab)use ☆22 · Dec 28, 2022 · Updated 3 years ago
- Collection of Beacon Object Files (BOF) for Cobalt Strike ☆685 · Aug 15, 2025 · Updated 7 months ago
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR … ☆301 · Jul 31, 2024 · Updated last year
- This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret … ☆263 · Apr 29, 2023 · Updated 2 years ago
- MSFRottenPotato built as a Reflective DLL. Work in progress. Gotta love Visual C++ ☆31 · Oct 25, 2018 · Updated 7 years ago
- A more advanced free and open .NET obfuscator using dnlib. ☆10 · Oct 4, 2022 · Updated 3 years ago
- Cobalt Strike UDRL for memory scanner evasion. ☆1,009 · Jun 4, 2024 · Updated last year