Alternatives and similar repositories for ARM64_AmsiPatch

Users that are interested in ARM64_AmsiPatch are comparing it to the libraries listed below

• vysecurity / Nemesis-Download-Watcher
  Watches the Downloads folder for any new files and inserts it into Nemesis for analysis.
  ☆14Updated last year
• scriptchildie / gohellsgate
  Golang Implementation of Hell's gate
  ☆17Updated 2 years ago
• ChoiSG / GwisinMsi
  PoC MSI payload based on ASEC/AhnLab's blog post
  ☆23Updated 2 years ago
• sudonoodle / Aggressor-NTFY
  Cobalt Strike notifications via NTFY.
  ☆13Updated 8 months ago
• EvilBytecode / Powershell-Persistance
  Whenever PowerShell is launched, Notepad will also open. You can customize the script for educational purposes, but I emphasize that I do…
  ☆9Updated last month
• kapellos / VladimiRED
  ☆18Updated 5 months ago
• zimnyaa / smbsocks
  A simple rpc2socks alternative in pure Go.
  ☆28Updated 10 months ago
• MaorSabag / HollowMask
  Just another Process Injection using Process Hollowing technique.
  ☆17Updated last year
• G0ldenGunSec / DayBird
  Extension functionality for the NightHawk operator client
  ☆27Updated last year
• jfjallid / go-cmloot
  A tool to enumerate and download files from the System Center Configuration Manager (SCCM) SMB share (SCCMContentLib)
  ☆13Updated 10 months ago
• iamagarre / BadExclusions
  BadExclusions is a tool to identify folder custom or undocumented exclusions on AV/EDR
  ☆20Updated last year
• RedSiege / Delta-Encoder
  ☆15Updated 11 months ago
• eversinc33 / RDPassSpray
  Python3 tool to perform password spraying using RDP
  ☆17Updated last year
• xforcered / DayBird
  Extension functionality for the NightHawk operator client
  ☆27Updated last year
• S3cur3Th1sSh1t / nim-strenc
  string encryption in Nim
  ☆19Updated 11 months ago
• duckbillsecurity / pdf-smuggler
  Create PDFs with HTML smuggling attachments that save on opening the document.
  ☆29Updated last year
• Tylous / Dent
  A framework for creating COM-based bypasses utilizing vulnerabilities in Microsoft's WDAPT sensors.
  ☆14Updated 2 years ago
• 0xB455 / ActiveSyncBruter
  ☆25Updated 3 months ago
• malcomvetter / TLAD
  The Totally Legit Authentication Dialog
  ☆12Updated last year
• EvilBytecode / Amsi-Patch-Updated-2025
  How to bypass AMSI (Antimalware Scan Interface) in PowerShell/C++ by dynamically patching the AmsiScanBuffer function.
  ☆17Updated last month
• redskal / SharpAzbelt
  .NET port of Leron Gray's azbelt tool.
  ☆26Updated last year
• D4rthMaulCop / DumpKernel-S1
  A C# port of https://gist.github.com/adamsvoboda/8f29e09d74b73e1dec3f9049c4358e80
  ☆20Updated 2 months ago
• MythicAgents / nemesis
  Nemesis agent for Mythic
  ☆27Updated 9 months ago
• EspressoCake / BetterPipename
  Example of using Sleep to create better named pipes.
  ☆41Updated last year
• Offensive-Panda / WPM-MAJIC-ENTRY-POINT-INJECTION
  This exploit is utilising AddressOfEntryPoint of process which is RX and using WriteProcessMemory internal magic to change the permission…
  ☆16Updated 7 months ago
• chryzsh / linux_bof
  ELF Beacon Object File (BOF) Template
  ☆19Updated 6 months ago
• inzlain / sameuser
  Helper script for BloodHound to automatically add relationships between multiple accounts owned by the same individual
  ☆14Updated 2 years ago
• affix / rusty-hollow
  Unix Process hollowing in rust
  ☆22Updated 5 months ago
• ChoiSG / havoc2nginx
  havoc2nginx is a simple python script that converts Havoc Framework's yaotl malleable c2 profile to Nginx configuration file format. Most…
  ☆12Updated 2 years ago
• Octoberfest7 / Proxy_Egress_Persistence
  A post-exploitation strategy for persistence and egress from networks utilizing authenticated web proxies
  ☆32Updated 2 years ago