EvilBytecode / Ebyte-AMSI-ProxyInjectorLinks
A lightweight tool that injects a custom assembly proxy into a target process to silently bypass AMSI scanning by redirecting AmsiScanBuffer calls. It suspends the target’s threads, patches the function to always return AMSI_RESULT_CLEAN without altering original bytes directly, ensuring stealthy AMSI bypass.
☆50Updated 3 months ago
Alternatives and similar repositories for Ebyte-AMSI-ProxyInjector
Users that are interested in Ebyte-AMSI-ProxyInjector are comparing it to the libraries listed below
Sorting:
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials☆56Updated 3 months ago
- A fucking real shellcode loader with a GUI. Work-in-Progress.☆75Updated 2 months ago
- Indirect Syscall implementation to bypass userland NTAPIs hooking.☆76Updated last year
- Create Anti-Copy DRM Malware☆63Updated last year
- Bypasses AMSI protection through remote memory patching and parsing technique.☆48Updated 3 months ago
- lsassdump via RtlCreateProcessReflection and NanoDump☆83Updated 10 months ago
- Enumerate active EDR's on the system☆75Updated last week
- Early cascade injection PoC based on Outflanks blog post written in Rust☆54Updated 6 months ago
- ☆145Updated 9 months ago
- converts sRDI compatible dlls to shellcode☆30Updated 7 months ago
- Threadless shellcode injection tool☆66Updated last year
- Shellcode loader using direct syscalls via Hell's Gate and payload encryption.☆91Updated last year
- Collection of red team techniques.☆59Updated 4 months ago
- Good CLR Host with Native patchless AMSI Bypass☆87Updated 4 months ago
- "D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system c…☆25Updated 11 months ago
- Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll☆128Updated 4 months ago
- Remote DLL Injection with Timer-based Shellcode Execution☆95Updated last month
- Classic Process Injection with Memory Evasion Techniques implemantation☆71Updated last year
- Охотник (Hunter) is a simple Adversary Simulation tool developed for achieves stealth through API unhooking, direct and indirect syscalls…☆86Updated 4 months ago
- Section-based payload obfuscation technique for x64☆64Updated last year
- We found a way to DLL sideload with cleanmgr.exe☆92Updated 6 months ago
- 「⚠️」Performing a BYOVD on the truesight.sys driver☆40Updated 8 months ago
- A BOF to retrieve decryption keys for WhatsApp Desktop and a utility script to decrypt the databases.☆79Updated 5 months ago
- This repo goes with the blog entry at blog.malicious.group entitled "Writing your own RDI / sRDI loader using C and ASM".☆86Updated 2 years ago
- Early Bird Cryo Injections – APC-based DLL & Shellcode Injection via Pre-Frozen Job Objects☆102Updated 4 months ago
- A 64-bit, position-independent code reverse TCP shell for Windows — built in Rust.☆78Updated 4 months ago
- Convert your shellcode into an ASCII string☆110Updated 2 months ago
- A Mythic agent for Windows written in C☆132Updated last month
- Malleable shellcode loader written in C and Assembly utilizing direct or indirect syscalls for evading EDR hooks☆116Updated 8 months ago
- ☆57Updated 10 months ago