BlackShell256 / Null-AMSI
Null-AMSI is an AMSI and ETW bypass that takes advantage of .NET types (.NET Reflection) to bypass AV/EDR.
☆55 · Updated 3 weeks ago
Alternatives and similar repositories for Null-AMSI:
Users who are interested in Null-AMSI are comparing it to the repositories listed below:
- This is a way to load shellcode and obfuscate it so that it avoids scan-time detection. ☆61 · Updated last week
- Ghosting-AMSI ☆159 · Updated 2 weeks ago
- NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into W… ☆151 · Updated last year
- TeamServer and Client of Exploration Command and Control Framework ☆125 · Updated this week
- Malicious PowerShell script loader designed to avoid detection. ☆51 · Updated last year
- Inject RDPThief into memory with PowerShell. ☆63 · Updated 3 months ago
- ☆154 · Updated 9 months ago
- DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism. ☆97 · Updated last year
- .bin file to shellcode converter ☆34 · Updated 10 months ago
- Morpheus is a memory dumper that extracts lsass.exe in RAM and exfiltrates it via forged NTP packets. It uses RC4 encryption and Reed-Sol… ☆92 · Updated last month
- ☆137 · Updated last year
- A PoC for Early Cascade process injection technique. ☆178 · Updated 3 months ago
- Stage 0 ☆159 · Updated 4 months ago
- Adversary Emulation Framework ☆98 · Updated 9 months ago
- 「💀」Proof of concept on BYOVD attack ☆158 · Updated 5 months ago
- Just another C2 Redirector using CloudFlare. Support for multiple C2s and multiple domains. Support for websocket listener. ☆157 · Updated last month
- ☆69 · Updated last month
- PoC for using MS Windows printers for persistence / command and control via Internet Printing ☆148 · Updated last year
- This repo is for the YouTube video where we have explained how to make a detectable reverse shell undetectable by Windows Defender ☆26 · Updated last year
- ☆83 · Updated 2 months ago
- A Rust implementation of Internal-Monologue — retrieving NetNTLM hashes without touching LSASS, leveraging SSPI for NTLM negotiation and … ☆162 · Updated last week
- Command and Control (C2) framework ☆126 · Updated last year
- Construct the payload at runtime using an array of offsets ☆63 · Updated 10 months ago
- ☆171 · Updated 5 months ago
- Our Tips&Tricks ☆117 · Updated 2 months ago
- Comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti… ☆198 · Updated 10 months ago
- Evasive Golang Loader ☆131 · Updated 9 months ago
- PowerShell script to dump Microsoft Defender Config, protection history and Exploit Guard Protection History (no admin privileges requir… ☆148 · Updated 10 months ago
- The OUned project automating Active Directory Organizational Units ACL exploitation through gPLink poisoning ☆112 · Updated last month
- Malleable shellcode loader written in C and Assembly utilizing direct or indirect syscalls for evading EDR hooks ☆105 · Updated 4 months ago