EvilBytecode / EByte-Pattern-AmsiPatchLinks
Pattern-based AMSI bypass that patches AMSI.dll in memory by modifying comparison values, conditional jumps, and function prologues to neutralize malware scanning without modifying any files on disk.
☆21Updated 2 months ago
Alternatives and similar repositories for EByte-Pattern-AmsiPatch
Users that are interested in EByte-Pattern-AmsiPatch are comparing it to the libraries listed below
Sorting:
- A lightweight tool that injects a custom assembly proxy into a target process to silently bypass ETW scanning by redirecting ETW calls to…☆37Updated 2 months ago
- Indirect Syscall implementation to bypass userland NTAPIs hooking.☆76Updated 11 months ago
- Windows NTLM hash dump utility written in C language, that supports Windows and Linux. Hashes can be dumped in realtime or from already s…☆63Updated last year
- Shellcode loader using direct syscalls via Hell's Gate and payload encryption.☆91Updated last year
- Shellcode Loader Utilizing ETW Events☆64Updated 5 months ago
- Shellcode loader☆91Updated 8 months ago
- 🗡️ A multi-user malleable C2 framework targeting Windows. Written in C++ and Python☆45Updated last year
- BOF with Synthetic Stackframe☆158Updated 5 months ago
- C2 Agent fully PIC for Mythic with advanced evasion capabilities, dotnet/powershell/shellcode/bof memory executions, lateral moviments, p…☆116Updated last week
- A fucking real shellcode loader with a GUI. Work-in-Progress.☆75Updated last month
- Locate dlls and function addresses without PEB Walk and EAT parsing☆70Updated 2 weeks ago
- converts sRDI compatible dlls to shellcode☆30Updated 6 months ago
- Threadless shellcode injection tool☆66Updated last year
- Unhook Ntdll.dll, Go & C++.☆27Updated 3 months ago
- Section-based payload obfuscation technique for x64☆64Updated 11 months ago
- Bypasses AMSI protection through remote memory patching and parsing technique.☆48Updated 2 months ago
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials☆54Updated 2 months ago
- Construct the payload at runtime using an array of offsets☆63Updated last year
- Reflective shellcode loaderwith advanced call stack spoofing and .NET support.☆191Updated 3 weeks ago
- Dirty PoC on how to abuse S1's VEH for Vectored Syscalls and Local Execution☆42Updated last year
- UAC Bypass via CMUACUtil & PEB Enumeration, Undetected for now.☆49Updated last year
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.☆61Updated last year
- Malleable shellcode loader written in C and Assembly utilizing direct or indirect syscalls for evading EDR hooks☆113Updated 7 months ago
- Rewrite to fit my needs☆30Updated last year
- Cobaltstrike Reflective Loader with Synthetic Stackframe☆128Updated 6 months ago
- This is way to load a shellcode, and obfuscate it, so it avoids scantime detection.☆75Updated 3 months ago
- Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.☆92Updated 5 months ago
- Simple POC library to execute arbitrary calls proxying them via NdrServerCall2 or similar☆130Updated 11 months ago
- Code execution/injection technique using DLL PEB module structure manipulation☆152Updated 2 months ago
- kernel-mode DLL Injector☆96Updated 3 months ago