EvilBytecode / Ebyte-AMSI-ProxyInjectorLinks
A lightweight tool that injects a custom assembly proxy into a target process to silently bypass AMSI scanning by redirecting AmsiScanBuffer calls. It suspends the target’s threads, patches the function to always return AMSI_RESULT_CLEAN without altering original bytes directly, ensuring stealthy AMSI bypass.
☆62Updated 8 months ago
Alternatives and similar repositories for Ebyte-AMSI-ProxyInjector
Users that are interested in Ebyte-AMSI-ProxyInjector are comparing it to the libraries listed below
Sorting:
- A fucking real shellcode loader with a GUI. Work-in-Progress.☆81Updated 7 months ago
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials☆61Updated 8 months ago
- Static Encrypt is an crate that encrypts string literals at compile time and only decrypted at runtime when needed.☆55Updated 2 weeks ago
- Early cascade injection PoC based on Outflanks blog post written in Rust☆67Updated last month
- PoC for generating bthprops.cpl module designed to be loaded by Fsquirt.exe LOLBin☆121Updated last month
- Create Anti-Copy DRM Malware☆71Updated last year
- Indirect Syscall implementation to bypass userland NTAPIs hooking.☆83Updated last year
- EDRStartupHinder: A red team tool to prevent Antivirus and EDR from running.☆180Updated 3 weeks ago
- Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll☆135Updated 9 months ago
- Dumping App Bound Protected Credentials & Cookies Without Privileges.☆166Updated 8 months ago
- We found a way to DLL sideload with cleanmgr.exe☆96Updated 11 months ago
- Bypasses AMSI protection through remote memory patching and parsing technique.☆54Updated 8 months ago
- A Beacon Object File (BOF) for Havoc/CS to Bypass PPL and Dump Lsass☆165Updated 4 months ago
- Remote DLL Injection with Timer-based Shellcode Execution☆153Updated 6 months ago
- Shellcode loader☆100Updated last year
- Driver Reverse & Exploitation☆82Updated 5 months ago
- Using Just In Time (JIT) instruction decryption, this shellcode loader ensures that only the currently executing instruction is visible i…☆61Updated 10 months ago
- Tool for working with Indirect System Calls in Cobalt Strike's Beacon Object Files (BOF) using SysWhispers3 for EDR evasion☆99Updated 6 months ago
- A lightweight tool that injects a custom assembly proxy into a target process to silently bypass ETW scanning by redirecting ETW calls to…☆45Updated 8 months ago
- A small collection of Crystal Palace PIC loaders designed for use with Cobalt Strike☆181Updated 3 months ago
- EDR-Redir : a tool used to redirect the EDR's folder to another location.☆222Updated 3 months ago
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials☆54Updated 8 months ago
- lsassdump via RtlCreateProcessReflection and NanoDump☆84Updated last year
- converts sRDI compatible dlls to shellcode☆35Updated last year
- Early Bird Cryo Injections – APC-based DLL & Shellcode Injection via Pre-Frozen Job Objects☆135Updated 10 months ago
- Threadless shellcode injection tool☆68Updated last year
- ☆53Updated 4 months ago
- A BOF to retrieve decryption keys for WhatsApp Desktop and a utility script to decrypt the databases.☆89Updated 11 months ago
- A 64-bit, position-independent code reverse TCP shell for Windows — built in Rust.☆85Updated 9 months ago
- Just a simple silly PoC demonstrating executable "exe" file that can be used like exe, dll or shellcode...☆169Updated last year