EvilBytecode/Amsi-Patch-Updated-2025 external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

EvilBytecode/Amsi-Patch-Updated-2025

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/EvilBytecode/Amsi-Patch-Updated-2025)

Close

EvilBytecode / Amsi-Patch-Updated-2025View on GitHubMore

• External links
• Readme badge

How to bypass AMSI (Antimalware Scan Interface) in PowerShell/C++ by dynamically patching the AmsiScanBuffer function.

☆25Apr 21, 2025Updated 10 months ago

Alternatives and similar repositories for Amsi-Patch-Updated-2025

Users that are interested in Amsi-Patch-Updated-2025 are comparing it to the libraries listed below

• WeaponizedVSCode / Extension

  View on GitHub
  Weaponized VSCode Extensions
  ☆15Updated this week
• EvilBytecode / PhantomDelay

  View on GitHub
  PhantomDelay is a precise delay function that uses the Windows high resolution performance counter to pause your program for a specified …
  ☆19May 8, 2025Updated 9 months ago
• X1r0z / ClassNameObfuscator

  View on GitHub
  基于多种策略, 对已有 JAR 包中的全限定类名进行变换, 无限生成高度相似的虚假类名
  ☆18Jul 30, 2025Updated 7 months ago
• S12cybersecurity / ETWEvasionToolkit

  View on GitHub
  Toolkit of Projects to attack and evade Event Trace for Windows
  ☆26Aug 28, 2025Updated 6 months ago
• EvilBytecode / Evil-Go

  View on GitHub
  A malicous Golang Package
  ☆15Apr 21, 2025Updated 10 months ago
• knight0x07 / NailaoLoader-Hiding-Execution-Flow

  View on GitHub
  NailaoLoader: Hiding Execution Flow via Patching
  ☆22Feb 27, 2025Updated last year
• Esonhugh / sliver-stage-helper

  View on GitHub
  Let sliver use msf payload!
  ☆25Mar 23, 2025Updated 11 months ago
• EvilBytecode / Evilbytecode-Shellcode-Go-Tactics

  View on GitHub
  A mutliple tactics to execute shellcode in go :}
  ☆23Apr 21, 2025Updated 10 months ago
• Teach2Breach / pool_party_rs

  View on GitHub
  remote process injections using pool party techniques
  ☆70Jun 29, 2025Updated 8 months ago
• casp3r0x0 / CortexRansomBypass

  View on GitHub
  Cortex EDR Ransomware protection Bypass
  ☆26Feb 8, 2025Updated last year
• vova7878 / DexFile

  View on GitHub
  Library for reading and writing dex files
  ☆25Updated this week
• EvilBytecode / SsnRetrieval

  View on GitHub
  Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each function’s name,…
  ☆15Apr 21, 2025Updated 10 months ago
• EvilBytecode / Powershell-Persistance

  View on GitHub
  Whenever PowerShell is launched, Notepad will also open. You can customize the script for educational purposes, but I emphasize that I do…
  ☆12Apr 21, 2025Updated 10 months ago
• h41th / Simple-Crystal-Palace-RDLL-template-for-Adaptix

  View on GitHub
  ☆36Feb 12, 2026Updated 2 weeks ago
• su18 / JavaMethodExtractor

  View on GitHub
  Extract entire function source code based on giving line number using Javaparser
  ☆21Jul 15, 2025Updated 7 months ago
• threatexpress / redteamguide

  View on GitHub
  Home of https://redteam.guide
  ☆15Sep 19, 2022Updated 3 years ago
• ZERODETECTION / Havoc_Demon_API_Hashing

  View on GitHub
  Rehashing APIs to prevent hash based detection
  ☆14Jan 7, 2025Updated last year
• EvilBytecode / EvilByte-Remote-AMSI-Bypass

  View on GitHub
  Bypasses AMSI protection through remote memory patching and parsing technique.
  ☆54May 12, 2025Updated 9 months ago
• nbaertsch / PoolProxy

  View on GitHub
  Proxy function calls through the thread pool with ease
  ☆31Feb 27, 2025Updated last year
• zero2504 / FrostLock-Injection

  View on GitHub
  FrostLock Injection is a freeze/thaw-based code injection technique that uses Windows Job Objects to temporarily freeze (suspend) a targe…
  ☆43Apr 6, 2025Updated 10 months ago
• EvilBytecode / Eset-Unload

  View on GitHub
  Eset-Unload is a C++ tool that interacts with a process's loaded modules to identify and unload the ebehmoni.dll module, typically found …
  ☆12Apr 21, 2025Updated 10 months ago
• Mr-xn / tongda_OfficeTask_RCE

  View on GitHub
  通达OA OfficeTask udp 2397 端口远程代码执行RCE检测工具
  ☆21Jun 13, 2025Updated 8 months ago
• rmb122 / ebpf-backdoor-demo

  View on GitHub
  linux ebpf backdoor demo
  ☆12Nov 20, 2024Updated last year
• BishopFox / sliver-wasm-stager

  View on GitHub
  A stager and implant that executes remote Web Assembly
  ☆37Feb 4, 2026Updated 3 weeks ago
• EvilBytecode / RubyRedOps

  View on GitHub
  💎 | RubyRedOps is a repository for advanced Red Team techniques and offensive malware, focused on Ruby
  ☆10Apr 21, 2025Updated 10 months ago
• S12cybersecurity / FreeThreadHijacking

  View on GitHub
  Perform Thread Hijacking Shellcode Injection without OpenProcess and OpenThread mapping all the free handles in memory
  ☆16Jul 16, 2024Updated last year
• casp3r0x0 / PolymorphicSignature

  View on GitHub
  A C#-implemented malware that dynamically modifies its own hash upon each execution to evade detection.
  ☆17Feb 3, 2025Updated last year
• mrLochness350 / Libload-Reflective

  View on GitHub
  ☆17Feb 14, 2025Updated last year
• 0x3rhy / BOF-DCOMPotato-PrintNotify

  View on GitHub
  Cobalt Strike Beacon Object File (BOF) that obtain SYSTEM privilege with SeImpersonate privilege by passing a malicious IUnknwon object t…
  ☆13Feb 4, 2024Updated 2 years ago
• ELMERIKH / Beryl

  View on GitHub
  Payload Dropper with Persistance & Privesc & UAC bypass 🐱‍👤
  ☆14Apr 8, 2024Updated last year
• Teach2Breach / hollow_rs

  View on GitHub
  A Rust PoC implementation of the Early Bird process hollowing technique, inspired by https://github.com/boku7/HOLLOW.
  ☆31Feb 7, 2025Updated last year
• landv / ring0-force-kill-process

  View on GitHub
  查找并使用PspTerminateThreadByPointer函数强制结束进程可以杀360进程 https://www.writebug.com/git/Demon-Gan-123/ring0-force-kill-process.git
  ☆17Dec 21, 2022Updated 3 years ago
• MaorSabag / HollowMask

  View on GitHub
  Just another Process Injection using Process Hollowing technique.
  ☆18Sep 18, 2023Updated 2 years ago
• c0rdis / openfire_decrypt

  View on GitHub
  Little java tool to decrypt passwords from Openfire embedded-db
  ☆16Nov 14, 2015Updated 10 years ago
• CroodSolutions / BypassIT

  View on GitHub
  BypassIT is a framework for covert malware delivery and post-exploitation using AutoIT for red / blue team self assessment.
  ☆45Jul 6, 2025Updated 7 months ago
• garrettfoster13 / ldap_bofs

  View on GitHub
  Random BOFs for LDAP tradecraft
  ☆74Sep 9, 2025Updated 5 months ago
• xRedCodex / BofArsenal

  View on GitHub
  The most extensive collection of BOFs (Beacon Object Files) tailored for Red Teams using C++23
  ☆23Jun 19, 2025Updated 8 months ago
• EvilBytecode / EByte-Pattern-AmsiPatch

  View on GitHub
  Pattern-based AMSI bypass that patches AMSI.dll in memory by modifying comparison values, conditional jumps, and function prologues to ne…
  ☆27May 13, 2025Updated 9 months ago
• EvilBytecode / Nyx-Full-Dll-Unhook

  View on GitHub
  (EDR) Dll Unhooking = kernel32.dll, kernelbase.dll, ntdll.dll, user32.dll, apphelp.dll, msvcrt.dll.
  ☆51May 22, 2025Updated 9 months ago