EvilBytecode/Lifetime-Amsi-EtwPatch external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

EvilBytecode/Lifetime-Amsi-EtwPatch

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/EvilBytecode/Lifetime-Amsi-EtwPatch)

Close

EvilBytecode / Lifetime-Amsi-EtwPatchView on GitHubMore

• External links
• Readme badge

Two in one, patch lifetime powershell console, no more etw and amsi!

☆103Apr 27, 2025Updated 10 months ago

Alternatives and similar repositories for Lifetime-Amsi-EtwPatch

Users that are interested in Lifetime-Amsi-EtwPatch are comparing it to the libraries listed below

• EvilBytecode / EvilByte-Remote-AMSI-Bypass

  View on GitHub
  Bypasses AMSI protection through remote memory patching and parsing technique.
  ☆54May 12, 2025Updated 9 months ago
• EvilBytecode / RubyRedOps

  View on GitHub
  💎 | RubyRedOps is a repository for advanced Red Team techniques and offensive malware, focused on Ruby
  ☆10Apr 21, 2025Updated 10 months ago
• EvilBytecode / SsnRetrieval

  View on GitHub
  Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each function’s name,…
  ☆15Apr 21, 2025Updated 10 months ago
• rasta-mouse / KerbApp

  View on GitHub
  ☆32Jun 1, 2024Updated last year
• cybersectroll / TrollAMSI

  View on GitHub
  ☆186Jun 14, 2025Updated 8 months ago
• ZERODETECTION / MSC_Dropper

  View on GitHub
  ☆250Jul 31, 2024Updated last year
• ricardojoserf / NativeDump

  View on GitHub
  Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)
  ☆701May 7, 2025Updated 9 months ago
• mlcsec / proctools

  View on GitHub
  Small toolkit for extracting information and dumping sensitive strings from Windows processes
  ☆116Jul 17, 2024Updated last year
• AlteredSecurity / Disable-TamperProtection

  View on GitHub
  A POC to disable TamperProtection and other Defender / MDE components
  ☆254Jun 6, 2024Updated last year
• EvilBytecode / Malwarebytes-Shutdowner

  View on GitHub
  Kill malawarebytes process. Can be ported to any programming language.
  ☆12Apr 21, 2025Updated 10 months ago
• almounah / superdeye

  View on GitHub
  Indirect Syscall with TartarusGate Approach in Go
  ☆134Jul 8, 2025Updated 7 months ago
• EvilBytecode / Ebyte-ETW-Redirector

  View on GitHub
  A lightweight tool that injects a custom assembly proxy into a target process to silently bypass ETW scanning by redirecting ETW calls to…
  ☆45Jun 1, 2025Updated 8 months ago
• 0xsp-SRD / MDE_Enum

  View on GitHub
  comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti…
  ☆211Jun 10, 2024Updated last year
• mertdas / SharpIncrease

  View on GitHub
  A Tool that aims to evade av with binary padding
  ☆161Jun 28, 2024Updated last year
• EvilBytecode / Shellcode-Loader

  View on GitHub
  This is way to load a shellcode, and obfuscate it, so it avoids scantime detection.
  ☆92Apr 27, 2025Updated 10 months ago
• LaresLLC / SuperSharpShares

  View on GitHub
  SuperSharpShares is a tool designed to automate enumerating domain shares, allowing for quick verification of accessible shares by your a…
  ☆75May 3, 2024Updated last year
• ricardojoserf / NativeBypassCredGuard

  View on GitHub
  Bypass Credential Guard by patching WDigest.dll using only NTAPI functions
  ☆266Apr 8, 2025Updated 10 months ago
• senzee1984 / EDRPrison

  View on GitHub
  Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry
  ☆458Aug 2, 2024Updated last year
• EvilBytecode / Evil-Go

  View on GitHub
  A malicous Golang Package
  ☆15Apr 21, 2025Updated 10 months ago
• mlcsec / EDRenum-BOF

  View on GitHub
  Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.
  ☆128Oct 4, 2024Updated last year
• tehstoni / LexiCrypt

  View on GitHub
  Shellcode encryptor using a substitution cipher with a randomly generated key.
  ☆141Jan 18, 2025Updated last year
• MaLDAPtive / Invoke-Maldaptive

  View on GitHub
  MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection.
  ☆336Aug 7, 2024Updated last year
• MpCmdRun / uac-bypass

  View on GitHub
  ATL.dll and WmiMgmt.msc UAC Bypass
  ☆12Apr 26, 2025Updated 10 months ago
• sokaRepo / CoercedPotatoRDLL

  View on GitHub
  Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege
  ☆225Nov 23, 2023Updated 2 years ago
• ricardojoserf / TrickDump

  View on GitHub
  Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!
  ☆537May 9, 2025Updated 9 months ago
• PhrozenIO / SharpShellPipe

  View on GitHub
  This lightweight C# demo application showcases interactive remote shell access via named pipes and the SMB protocol.
  ☆122Feb 21, 2025Updated last year
• BlackSnufkin / Invoke-DumpMDEConfig

  View on GitHub
  PowerShell script to dump Microsoft Defender Config, protection history and Exploit Guard Protection History (no admin privileges requir…
  ☆154Jun 10, 2024Updated last year
• EvilBytecode / EByte-Pattern-AmsiPatch

  View on GitHub
  Pattern-based AMSI bypass that patches AMSI.dll in memory by modifying comparison values, conditional jumps, and function prologues to ne…
  ☆27May 13, 2025Updated 9 months ago
• MayerDaniel / profiler-lateral-movement

  View on GitHub
  Lateral Movement via the .NET Profiler
  ☆100Nov 21, 2024Updated last year
• CICADA8-Research / RemoteKrbRelay

  View on GitHub
  Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework
  ☆638May 8, 2025Updated 9 months ago
• CCob / DRSAT

  View on GitHub
  Disconnected RSAT - A method of running Group Policy Manager, Certificate Authority and Certificate Templates MMC snap-ins from non-domai…
  ☆275Dec 27, 2024Updated last year
• zyn3rgy / smbtakeover

  View on GitHub
  BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions
  ☆346Nov 19, 2024Updated last year
• EvilBytecode / EDR-XDR-AV-Killer

  View on GitHub
  Reproducing Spyboy technique, which involves terminating all EDR/XDR/AVs processes by abusing the zam64.sys driver
  ☆294Apr 21, 2025Updated 10 months ago
• seajaysec / Ivanti-Connect-Around-Scan

  View on GitHub
  Mitigation validation utility for the Ivanti Connect Around attack chain. Runs multiple checks. CVE-2023-46805, CVE-2024-21887.
  ☆12Feb 3, 2024Updated 2 years ago
• EvilBytecode / Powershell-Persistance

  View on GitHub
  Whenever PowerShell is launched, Notepad will also open. You can customize the script for educational purposes, but I emphasize that I do…
  ☆12Apr 21, 2025Updated 10 months ago
• lsecqt / SharpRedirect

  View on GitHub
  Simple C# Redirector
  ☆94Aug 31, 2025Updated 5 months ago
• mertdas / SharpTerminator

  View on GitHub
  Terminate AV/EDR Processes using kernel driver
  ☆352Jun 12, 2023Updated 2 years ago
• winsecurity / AMSI-Bypass-HWBP

  View on GitHub
  ☆26Aug 11, 2025Updated 6 months ago
• EvilBytecode / Evilbytecode-Gate

  View on GitHub
  Evilbytecode-Gate resolves Windows System Service Numbers (SSNs) using two methods: analyzing the Guard CF Table in ntdll.dll and parsing…
  ☆26Apr 21, 2025Updated 10 months ago