BlackShell256 / Null-AMSI
Null-AMSI is an AMSI and ETW bypass that takes advantage of .NET types (.NET Reflection) to bypass AV/EDR.
☆46 · Updated 2 weeks ago
Alternatives and similar repositories for Null-AMSI:
Users who are interested in Null-AMSI are comparing it to the repositories listed below.
- Just another C2 Redirector using CloudFlare. Supports multiple C2s and multiple domains. Support for websocket listener. ☆149 · Updated 2 weeks ago
- This is a way to load shellcode, and obfuscate it, so it avoids scan-time detection. ☆59 · Updated 8 months ago
- .bin file to shellcode converter ☆34 · Updated 8 months ago
- This script adds the ability to encode shellcode (.bin) in XOR, chacha20, AES. You can choose between 2 loaders (Myph / 221b) ☆80 · Updated last year
- Malicious PowerShell scripts loader designed to avoid detection. ☆49 · Updated last year
- ☆137 · Updated last year
- Construct the payload at runtime using an array of offsets ☆63 · Updated 9 months ago
- BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion) ☆172 · Updated last month
- Adversary Emulation Framework ☆92 · Updated 8 months ago
- Dumping lsass without mimikatz with the exfiltration of the data using FAKE ntp packets ☆79 · Updated this week
- ☆33 · Updated 4 months ago
- This repo is for the YouTube video where we have explained how to make a detectable reverse shell undetectable by Windows Defender ☆26 · Updated last year
- Scripts I use to deploy Havoc on Linode and set up categorization and SSL ☆40 · Updated 9 months ago
- NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into W… ☆151 · Updated 10 months ago
- Example code samples from our ScriptBlock Smuggling Blog post ☆90 · Updated 9 months ago
- Inject RDPThief into memory with PowerShell. ☆62 · Updated 2 months ago
- A BOF to retrieve decryption keys for WhatsApp Desktop and a utility script to decrypt the databases. ☆72 · Updated 3 weeks ago
- ☆54 · Updated 5 months ago
- ☆54 · Updated 4 months ago
- ☆79 · Updated last month
- An impacket-lite CLI tool that combines many useful impacket functions using a single session. ☆47 · Updated last month
- Create Anti-Copy DRM Malware ☆54 · Updated 7 months ago
- ☆62 · Updated last week
- Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker. ☆118 · Updated 5 months ago
- Command and Control (C2) framework ☆126 · Updated 11 months ago
- A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders Stardust ☆84 · Updated 11 months ago
- Indirect Syscall implementation to bypass userland NTAPIs hooking. ☆73 · Updated 7 months ago
- ☆64 · Updated 11 months ago
- DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism. ☆96 · Updated last year
- PowerShell Reverse Shell ☆61 · Updated last year