EvilBytecode / EByte-Pattern-AmsiPatch
Pattern-based AMSI bypass that patches AMSI.dll in memory by modifying comparison values, conditional jumps, and function prologues to neutralize malware scanning without modifying any files on disk.
☆18 · updated 2 months ago
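As an added illustration of the mechanism the description names (this is not code from EByte-Pattern-AmsiPatch and carries none of its patterns), the C program below shows how a pattern-based in-memory patcher works on a constructed byte buffer that stands in for a loaded module: a wildcard pattern scanner locates each site, a pre-check confirms the bytes there are the ones expected before anything is written, and the three patch kinds from the description are applied in turn: a comparison immediate is changed, a short conditional jump is flipped to an unconditional jump, and a function prologue is overwritten with a stub that returns E_INVALIDARG (0x80070057). The target bytes, the patterns, the offsets and the replacement values are all constructed for this example; a real tool would scan the module's mapped .text and change page protection before writing, which this example does not do.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MAX_PAT 64

static int hexval(int c)                          /* hex digit -> value, else -1 */
{
    c |= 0x20;                                    /* fold A-F to a-f; digits unchanged */
    return (c >= '0' && c <= '9') ? c - '0' : (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Parse "83 EC ?? 3D" into bytes[] and mask[] (mask 1 = byte must match).
 * Returns the pattern length, or -1 if the string is malformed. */
static int parse_pattern(const char *pat, uint8_t *bytes, uint8_t *mask)
{
    int n = 0;
    for (const char *p = pat; *p;) {
        if (*p == ' ') { p++; continue; }
        if (n >= MAX_PAT) return -1;
        if (*p == '?') {                          /* wildcard: "?" or "??" */
            bytes[n] = 0; mask[n] = 0;
            while (*p == '?') p++;
        } else {
            int hi = hexval((unsigned char)p[0]), lo = hexval((unsigned char)p[1]);
            if (hi < 0 || lo < 0) return -1;
            bytes[n] = (uint8_t)(hi << 4 | lo); mask[n] = 1;
            p += 2;
        }
        n++;
    }
    return n;
}

/* Offset of the first masked-pattern match in buf, or -1 if none. */
static long find_pattern(const uint8_t *buf, size_t len, const char *pat)
{
    uint8_t bytes[MAX_PAT], mask[MAX_PAT];
    int n = parse_pattern(pat, bytes, mask);
    if (n <= 0 || (size_t)n > len) return -1;
    for (size_t i = 0; i + n <= len; i++) {
        int j = 0;
        while (j < n && (!mask[j] || buf[i + j] == bytes[j])) j++;
        if (j == n) return (long)i;
    }
    return -1;
}

/* A patch site: locating pattern, signed offset from the match to the bytes to
 * rewrite, the bytes that must be there now, and their replacement. */
struct patch { const char *name, *pattern; long offset; const uint8_t *expect, *replace; size_t len; };

/* Returns the absolute offset written; -1 if the pattern is absent or the site is out
 * of range; -2 if the pre-check fails (already patched, or a module layout the pattern
 * was not written for). Nothing is written in either failure case. */
static long apply_patch(uint8_t *buf, size_t len, const struct patch *p)
{
    long at = find_pattern(buf, len, p->pattern);
    if (at < 0) return -1;
    long where = at + p->offset;
    if (where < 0 || (size_t)where + p->len > len) return -1;
    if (memcmp(buf + where, p->expect, p->len) != 0) return -2;
    memcpy(buf + where, p->replace, p->len);
    return where;
}

/* Constructed stand-in for a scanning routine's x64 code (not amsi.dll):
 *  0: mov [rsp+8],rbx (prologue)   5: sub rsp,0x20      9: cmp eax,1 (compare value)
 * 14: jz +5 (cond. jump)          16: mov eax,0 / ret  22: mov eax,1 / ret           */
static const uint8_t g_fake_fn[] = {
    0x48,0x89,0x5C,0x24,0x08, 0x48,0x83,0xEC,0x20, 0x3D,0x01,0x00,0x00,0x00, 0x74,0x05,
    0xB8,0x00,0x00,0x00,0x00, 0xC3, 0xB8,0x01,0x00,0x00,0x00, 0xC3 };

static const uint8_t cmp_old[] = {0x01,0x00,0x00,0x00}, cmp_new[] = {0xFF,0xFF,0xFF,0xFF};
static const uint8_t jz_old[]  = {0x74},                jmp_new[] = {0xEB};
static const uint8_t pro_old[] = {0x48,0x89,0x5C,0x24,0x08,0x48};
static const uint8_t pro_new[] = {0xB8,0x57,0x00,0x07,0x80,0xC3};  /* mov eax,0x80070057 ; ret */

/* Patterns are anchored on bytes that survive patching, so on a second pass it is
 * the pre-check, not a failed search, that refuses to write again. */
static const struct patch g_patches[] = {
    { "cmp-imm",  "83 EC ?? 3D",                            4, cmp_old, cmp_new, 4 },
    { "jz->jmp",  "3D ?? ?? ?? ?? ?? ?? B8 ?? ?? ?? ?? C3", 5, jz_old,  jmp_new, 1 },
    { "prologue", "83 EC ?? 3D",                           -6, pro_old, pro_new, 6 },
};
#define NPATCH (sizeof g_patches / sizeof g_patches[0])

static uint8_t g_work[sizeof g_fake_fn];     /* writable copy, stands in for mapped .text */
static long    g_status[NPATCH];             /* per-site result code of the last pass */

/* Apply every patch to the working copy; returns how many were written. */
static int run_pass(void)
{
    int applied = 0;
    for (size_t i = 0; i < NPATCH; i++) {
        g_status[i] = apply_patch(g_work, sizeof g_work, &g_patches[i]);
        if (g_status[i] >= 0) applied++;
    }
    return applied;
}
/* Reload the pristine bytes first: what an untouched module yields. */
static int fresh_pass(void) { memcpy(g_work, g_fake_fn, sizeof g_work); return run_pass(); }

int main(void)
{
    printf("first pass:  %d/%zu written\n", fresh_pass(), NPATCH);
    for (size_t i = 0; i < NPATCH; i++) printf("  %-9s -> %ld\n", g_patches[i].name, g_status[i]);
    printf("second pass: %d/%zu written (every site fails its pre-check)\n", run_pass(), NPATCH);
    return 0;
}
```

The pre-check is what keeps a patcher of this kind from corrupting a module whose layout drifted between builds, and it also makes the patcher idempotent: the second pass returns -2 for every site instead of writing again. The same scanner, run over a process's in-memory copy of a module and compared against the on-disk image, is the defensive counterpart: any site where the two differ is a candidate for exactly this kind of tampering.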
Alternatives and similar repositories for EByte-Pattern-AmsiPatch
Users interested in EByte-Pattern-AmsiPatch are comparing it to the repositories listed below.
- converts sRDI-compatible DLLs to shellcode ☆29 · updated 5 months ago
- Performs a global AMSI bypass by patching amsi.dll in memory. ☆12 · updated last month
- 🗡️ A multi-user malleable C2 framework targeting Windows. Written in C++ and Python ☆45 · updated last year
- Shellcode Loader Utilizing ETW Events ☆63 · updated 4 months ago
- (no description) ☆35 · updated 6 months ago
- Unhook Ntdll.dll, Go & C++. ☆25 · updated 2 months ago
- C2 Agent fully PIC for Mythic with advanced evasion capabilities, dotnet/powershell/shellcode/bof memory executions, lateral movements, p… ☆70 · updated this week
- Indirect Syscall implementation to bypass userland NTAPI hooking. ☆75 · updated 11 months ago
- 💎 | RubyRedOps is a repository for advanced Red Team techniques and offensive malware, focused on Ruby ☆10 · updated 2 months ago
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials ☆53 · updated 2 months ago
- Shellcode loader ☆89 · updated 7 months ago
- ATL.dll and WmiMgmt.msc UAC Bypass ☆12 · updated 2 months ago
- Windows NTLM hash dump utility written in C, that supports Windows and Linux. Hashes can be dumped in real time or from already s… ☆63 · updated last year
- a demo module for the kaine agent to execute and inject assembly modules ☆39 · updated 10 months ago
- Dirty PoC on how to abuse S1's VEH for Vectored Syscalls and Local Execution ☆42 · updated last year
- Threadless shellcode injection tool ☆66 · updated 11 months ago
- Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1. ☆92 · updated 4 months ago
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE. ☆61 · updated last year
- Classic Process Injection with Memory Evasion Techniques implementation ☆70 · updated last year
- TypeLib persistence technique ☆118 · updated 8 months ago
- ForsHops ☆54 · updated 3 months ago
- Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level. ☆47 · updated last year
- Section-based payload obfuscation technique for x64 ☆61 · updated 11 months ago
- kernel-mode DLL Injector ☆92 · updated 2 months ago
- UAC Bypass via CMUACUtil & PEB Enumeration, Undetected for now. ☆49 · updated last year
- shell code example ☆57 · updated 2 months ago
- Cobalt Strike UDRL for memory scanner evasion. ☆51 · updated last year
- Boilerplate to develop raw and truly Position Independent Code (PIC). ☆51 · updated 5 months ago
- A firebeam plugin that exploits the CVE-2024-26229 vulnerability to perform elevation of privilege from an unprivileged user ☆40 · updated 11 months ago
- LKM rootkit for modern kernels, with DNS C2 and a simple web interface ☆72 · updated last week