Amaterasu terminates, or inhibits, protected processes such as application control and AV/EDR solutions by leveraging the Sysinternals Process Explorer driver to kill a process's handles from kernel mode.
☆81 Feb 23, 2024 Updated 2 years ago
Alternatives and similar repositories for Amaterasu
Users that are interested in Amaterasu are comparing it to the libraries listed below.
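- Identify and exploit leaked handles for local privilege escalation. ☆112 Jun 19, 2023 Updated 2 years ago
- Hidedump: an LSASS dump tool that may bypass EDR ☆51 May 23, 2024 Updated last year
- A semi-automated code auditing tool that integrates CodeQL static analysis with LLM (large language model) intelligent verification ☆20 Jan 6, 2026 Updated 3 months ago
- ☆25 Jun 13, 2022 Updated 3 years ago
- A method for forcibly terminating certain antivirus processes via process injection (using 360 Safeguard and 360 Antivirus as examples) ☆140 Dec 26, 2023 Updated 2 years ago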
- Execute Remote Assembly with args passing and with AMSI and ETW patching. ☆34 Jul 18, 2025 Updated 9 months ago
- Reproduction of "EDR's Nightmare: Storm-0978 Uses the New Kernel Injection Technique 'Step Bear'" ☆161 Oct 27, 2024 Updated last year
- An auxiliary tool for intranet lateral movement ☆28 Mar 26, 2022 Updated 4 years ago
- kill AV/EDR ☆20 Jun 9, 2023 Updated 2 years ago
- Bring Your Own Vulnerable Driver for PatchGuard & Driver Signature Enforcement ☆16 Apr 6, 2024 Updated 2 years ago
- CPP AV/EDR Killer ☆480 Nov 28, 2023 Updated 2 years ago
- A nim implementation of sRDI ☆20 Oct 18, 2023 Updated 2 years ago
- BOF that runs an exe in memory ☆32 Jun 19, 2023 Updated 2 years ago
- Exploitation of echo_driver.sys ☆170 Sep 16, 2023 Updated 2 years ago
- NTAPI hook bypass with (semi) legit stack trace ☆19 May 9, 2023 Updated 2 years ago
- HVNC for Cobalt Strike ☆1,322 Dec 7, 2023 Updated 2 years ago
- Kill Everything AV/EDR ☆27 Nov 18, 2024 Updated last year
- Titan: A crappy Reflective Loader written in C and assembly for Cobalt Strike. Redirects DNS Beacon over DoH ☆74 Sep 6, 2021 Updated 4 years ago
- Security product hook detection ☆329 Mar 30, 2021 Updated 5 years ago
- Killer is a super simple tool designed to bypass AV/EDR security tools using various evasive techniques and used by Patchwork group. ☆836 Jul 2, 2024 Updated last year
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space ☆135 Jan 2, 2023 Updated 3 years ago
- Bypass EDR Create TaskServers ☆39 Dec 24, 2022 Updated 3 years ago
- some AV / EDR / analysis studies ☆10 May 21, 2023 Updated 2 years ago
- Porting of NPPSPY by Grzegorz Tworek to 'man in the middle' the user logon process, and store the user's name and password in an unassumi… ☆19 Apr 24, 2023 Updated 3 years ago
- Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes. ☆411 Mar 16, 2026 Updated last month
- A post-exploitation AV-evasion tool based on PE patching, mainly supporting x64 ☆356 Mar 5, 2025 Updated last year
- Cobalt Strike Beacon Object File (BOF) that obtains SYSTEM privilege with SeImpersonate privilege by passing a malicious IUnknown object t… ☆101 Mar 20, 2023 Updated 3 years ago
- Hey! This repository stores the code used in the official account's posts ☆10 Jun 21, 2024 Updated last year
- Source files for my posts ☆17 Jun 20, 2023 Updated 2 years ago
- Simulate per-process disconnection in red team environments ☆114 Jun 6, 2025 Updated 10 months ago
- 「💀」Proof of concept on BYOVD attack ☆165 Dec 7, 2024 Updated last year
- Generate an obfuscated DLL that will disable AMSI & ETW ☆332 Jul 15, 2024 Updated last year
- kill anti-malware protected processes (BYOVD) ☆973 Jul 21, 2023 Updated 2 years ago
- ProcExp Driver (Ab)use ☆22 Dec 28, 2022 Updated 3 years ago
- Collection of Beacon Object Files (BOF) for Cobalt Strike ☆687 Aug 15, 2025 Updated 8 months ago
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR … ☆304 Jul 31, 2024 Updated last year
- MSFRottenPotato built as a Reflective DLL. Work in progress. Gotta love Visual C++ ☆31 Oct 25, 2018 Updated 7 years ago
- This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret … ☆266 Apr 29, 2023 Updated 3 years ago
- A more advanced free and open .NET obfuscator using dnlib. ☆10 Oct 4, 2022 Updated 3 years ago