Pattern-based AMSI bypass that patches AMSI.dll in memory by modifying comparison values, conditional jumps, and function prologues to neutralize malware scanning without modifying any files on disk.
☆27May 13, 2025Updated 9 months ago
Alternatives and similar repositories for EByte-Pattern-AmsiPatch
Users that are interested in EByte-Pattern-AmsiPatch are comparing it to the libraries listed below
Sorting:
- Whenever PowerShell is launched, Notepad will also open. You can customize the script for educational purposes, but I emphasize that I do…☆12Apr 21, 2025Updated 10 months ago
- A lightweight tool that injects a custom assembly proxy into a target process to silently bypass ETW scanning by redirecting ETW calls to…☆45Jun 1, 2025Updated 8 months ago
- Bypasses AMSI protection through remote memory patching and parsing technique.☆54May 12, 2025Updated 9 months ago
- ATL.dll and WmiMgmt.msc UAC Bypass☆12Apr 26, 2025Updated 10 months ago
- PhantomDelay is a precise delay function that uses the Windows high resolution performance counter to pause your program for a specified …☆19May 8, 2025Updated 9 months ago
- kASLR bypass technique on Intel CPUs.☆32May 18, 2025Updated 9 months ago
- Evilbytecode-Gate resolves Windows System Service Numbers (SSNs) using two methods: analyzing the Guard CF Table in ntdll.dll and parsing…☆26Apr 21, 2025Updated 10 months ago
- Go Based Crypter That Can Bypass Any Kinds Of Antivirus Products, payload crypter supports over 4 programming languages.☆61Apr 27, 2025Updated 10 months ago
- Decrypting yandex browser passwords☆27Apr 8, 2025Updated 10 months ago
- A lightweight tool that injects a custom assembly proxy into a target process to silently bypass AMSI scanning by redirecting AmsiScanBuf…☆62May 16, 2025Updated 9 months ago
- Stealthy x64 thread manipulation library for calling functions inside target processes without creating remote threads or installing hook…☆59Oct 10, 2025Updated 4 months ago
- ☆36Feb 12, 2026Updated 2 weeks ago
- Cobalt Strike automation scripts collection☆12Oct 28, 2020Updated 5 years ago
- Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each function’s name,…☆15Apr 21, 2025Updated 10 months ago
- This is way to load a shellcode, and obfuscate it, so it avoids scantime detection.☆92Apr 27, 2025Updated 10 months ago
- ☆21Jan 8, 2026Updated last month
- Malware development in Go, learn today, anti dynamic analysis & Static & sandboxes.☆15Apr 21, 2025Updated 10 months ago
- ☆29Oct 19, 2024Updated last year
- Misery Loader to bypass modern EDR solutions☆18Dec 20, 2024Updated last year
- A Documentation for my module PS2BAT, it converts Powershell Scripts to Batchfile ones.☆11Apr 21, 2025Updated 10 months ago
- Library that eases the use of indirect syscalls. Quite interesting AV/EDR bypass as PoC.☆166Jul 30, 2025Updated 6 months ago
- Plantronics Desktop Hub LPE☆37May 15, 2024Updated last year
- Thats it! An Open-Source Windows UEFI Rootkit☆28Jul 19, 2025Updated 7 months ago
- Two in one, patch lifetime powershell console, no more etw and amsi!☆103Apr 27, 2025Updated 10 months ago
- Educational proof-of-concept demonstrating DEP/NX bypass using hardware breakpoints, vectored exception handling, and instruction emulati…☆99Oct 17, 2025Updated 4 months ago
- Dynamic Indirect Syscalls via JOP/ROP in Pure no_std, no_alloc, no dependency Rust☆43Aug 6, 2025Updated 6 months ago
- Hook system calls on Windows by using Kaspersky's hypervisor☆17Dec 25, 2024Updated last year
- A malicous Golang Package☆15Apr 21, 2025Updated 10 months ago
- 在cobaltstrike中使用的bof工具集,收集整理验证好用的bof。☆17Sep 30, 2021Updated 4 years ago
- Troll TaskManager, and play with it .☆30Aug 3, 2025Updated 6 months ago
- How to bypass AMSI (Antimalware Scan Interface) in PowerShell/C++ by dynamically patching the AmsiScanBuffer function.☆25Apr 21, 2025Updated 10 months ago
- Using ioctl major function swaps to "spoof" the ARP table☆15Sep 11, 2024Updated last year
- Patches the AmsiScan function in clr.dll allowing for unrestricted assembly loading in .NET☆50May 5, 2025Updated 9 months ago
- rust clr heap encryption (https://github.com/lap1nou/CLR_Heap_encryption), but no heap encryption.☆17Jan 6, 2024Updated 2 years ago
- NailaoLoader: Hiding Execution Flow via Patching☆22Feb 27, 2025Updated last year
- golang decryption poc of the new app bound encryption introduced in chrome version 127.☆22Nov 4, 2024Updated last year
- Windows Access token manipulation tool made in C#☆24Aug 24, 2025Updated 6 months ago
- A slightly more fun way to disable windows defender☆52May 4, 2025Updated 9 months ago
- (EDR) Dll Unhooking = kernel32.dll, kernelbase.dll, ntdll.dll, user32.dll, apphelp.dll, msvcrt.dll.☆51May 22, 2025Updated 9 months ago