BlackShell256 / Null-AMSI
Null-AMSI is an AMSI and ETW bypass that takes advantage of .NET types (.NET Reflection) to bypass AV/EDR.
☆29 Updated 2 months ago
Alternatives and similar repositories for Null-AMSI:
Users that are interested in Null-AMSI are comparing it to the libraries listed below
- ☆52 Updated 3 months ago
- C++ Staged Shellcode Loader with Evasion capabilities. ☆80 Updated 4 months ago
- Construct the payload at runtime using an array of offsets ☆61 Updated 8 months ago
- A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders Stardust ☆83 Updated 10 months ago
- Section-based payload obfuscation technique for x64 ☆59 Updated 6 months ago
- "D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system c… ☆24 Updated 5 months ago
- ☆52 Updated 2 months ago
- Create Anti-Copy DRM Malware ☆52 Updated 6 months ago
- ☆54 Updated 3 months ago
- Work, timer, and wait callback example using solely Native Windows APIs. ☆85 Updated last year
- SAM Dumping in C# ☆42 Updated last month
- SharpExShell automates the DCOM lateral movement technique which abuses ActivateMicrosoftApp method of Excel application. ☆68 Updated 9 months ago
- Exploits a flaw in Remote Desktop Plus by monitoring and decrypting temporary .rdp files in %localappdata%/Temp, revealing credentials us… ☆16 Updated last year
- Tool to aid in dumping LSASS process remotely ☆38 Updated 6 months ago
- A simple PoC showcasing the ability of an admin to suspend EDR's protected processes, making it useless ☆38 Updated 7 months ago
- lsassdump via RtlCreateProcessReflection and NanoDump ☆76 Updated 4 months ago
- ☆41 Updated 7 months ago
- Bypassing Amsi using LdrLoadDll ☆37 Updated last month
- Sniffing files generator ☆52 Updated 3 months ago
- ☆28 Updated 8 months ago
- NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg ☆46 Updated 11 months ago
- Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker. ☆117 Updated 4 months ago
- Windows Thread Pool Injection Havoc Implementation ☆28 Updated 10 months ago
- BOF for C2 framework ☆39 Updated 3 months ago