EvilBytecode / Ebyte-AMSI-ProxyInjectorLinks
A lightweight tool that injects a custom assembly proxy into a target process to silently bypass AMSI scanning by redirecting AmsiScanBuffer calls. It suspends the target’s threads, patches the function to always return AMSI_RESULT_CLEAN without altering original bytes directly, ensuring stealthy AMSI bypass.
☆61Updated 6 months ago
Alternatives and similar repositories for Ebyte-AMSI-ProxyInjector
Users that are interested in Ebyte-AMSI-ProxyInjector are comparing it to the libraries listed below
Sorting:
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials☆60Updated 6 months ago
- Driver Reverse & Exploitation☆80Updated 3 months ago
- Create Anti-Copy DRM Malware☆70Updated last year
- A fucking real shellcode loader with a GUI. Work-in-Progress.☆80Updated 5 months ago
- Dumping App Bound Protected Credentials & Cookies Without Privileges.☆152Updated 6 months ago
- Bypasses AMSI protection through remote memory patching and parsing technique.☆54Updated 6 months ago
- We found a way to DLL sideload with cleanmgr.exe☆95Updated 9 months ago
- Indirect Syscall implementation to bypass userland NTAPIs hooking.☆84Updated last year
- Shellcode loader☆96Updated last year
- (EDR) Dll Unhooking = kernel32.dll, kernelbase.dll, ntdll.dll, user32.dll, apphelp.dll, msvcrt.dll.☆48Updated 6 months ago
- Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll☆133Updated 7 months ago
- ApexLdr is a DLL Payload Loader written in C☆113Updated last year
- Classic Process Injection with Memory Evasion Techniques implemantation☆72Updated 2 years ago
- Locate dlls and function addresses without PEB Walk and EAT parsing☆90Updated last month
- Threadless shellcode injection tool☆67Updated last year
- Implementing an early exception handler for hooking and threadless process injection without relying on VEH or SEH☆132Updated 3 months ago
- A small collection of Crystal Palace PIC loaders designed for use with Cobalt Strike☆174Updated last month
- A Beacon Object File (BOF) for Havoc/CS to Bypass PPL and Dump Lsass☆160Updated 2 months ago
- Self-mutating macOS implant☆101Updated last week
- Basic interactive Windows kernel offensive toolkit written in C☆133Updated 2 months ago
- A lightweight tool that injects a custom assembly proxy into a target process to silently bypass ETW scanning by redirecting ETW calls to…☆44Updated 6 months ago
- lsassdump via RtlCreateProcessReflection and NanoDump☆83Updated last year
- Simple POC library to execute arbitrary calls proxying them via NdrServerCall2 or similar☆135Updated last year
- Using Just In Time (JIT) instruction decryption, this shellcode loader ensures that only the currently executing instruction is visible i…☆55Updated 8 months ago
- Modern PIC implant for Windows (64 & 32 bit)☆105Updated 4 months ago
- A Mythic agent for Windows written in C☆140Updated 3 weeks ago
- A firebeam plugin that exploits the CVE-2024-26229 vulnerability to perform elevation of privilege from a unprivileged user☆41Updated last year
- Just a simple silly PoC demonstrating executable "exe" file that can be used like exe, dll or shellcode...☆171Updated last year
- 🗡️ A multi-user malleable C2 framework targeting Windows. Written in C++ and Python☆45Updated last year
- Tool to bypass LSA Protection (aka Protected Process Light)☆62Updated 11 months ago