Two in one, patch lifetime powershell console, no more etw and amsi!
☆103Apr 27, 2025Updated 10 months ago
Alternatives and similar repositories for Lifetime-Amsi-EtwPatch
Users that are interested in Lifetime-Amsi-EtwPatch are comparing it to the libraries listed below
Sorting:
- 💎 | RubyRedOps is a repository for advanced Red Team techniques and offensive malware, focused on Ruby☆10Apr 21, 2025Updated 10 months ago
- Bypasses AMSI protection through remote memory patching and parsing technique.☆55May 12, 2025Updated 10 months ago
- Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each function’s name,…☆15Apr 21, 2025Updated 10 months ago
- A lightweight tool that injects a custom assembly proxy into a target process to silently bypass ETW scanning by redirecting ETW calls to…☆45Jun 1, 2025Updated 9 months ago
- ☆32Jun 1, 2024Updated last year
- Kill malawarebytes process. Can be ported to any programming language.☆12Apr 21, 2025Updated 10 months ago
- Small toolkit for extracting information and dumping sensitive strings from Windows processes☆117Jul 17, 2024Updated last year
- A malicous Golang Package☆15Apr 21, 2025Updated 10 months ago
- (EDR) Dll Unhooking = kernel32.dll, kernelbase.dll, ntdll.dll, user32.dll, apphelp.dll, msvcrt.dll.☆51May 22, 2025Updated 9 months ago
- Enable-All-Tokens is a Go-based project designed to adjust and enable a list of specified privileges for the current process token on a W…☆10Apr 21, 2025Updated 10 months ago
- Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry☆460Aug 2, 2024Updated last year
- Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)☆701May 7, 2025Updated 10 months ago
- Indirect Syscall with TartarusGate Approach in Go☆135Jul 8, 2025Updated 8 months ago
- A POC to disable TamperProtection and other Defender / MDE components☆255Jun 6, 2024Updated last year
- ☆252Jul 31, 2024Updated last year
- ☆187Jun 14, 2025Updated 9 months ago
- Reproducing Spyboy technique, which involves terminating all EDR/XDR/AVs processes by abusing the zam64.sys driver☆294Apr 21, 2025Updated 10 months ago
- comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti…☆211Jun 10, 2024Updated last year
- Evilbytecode-Gate resolves Windows System Service Numbers (SSNs) using two methods: analyzing the Guard CF Table in ntdll.dll and parsing…☆26Apr 21, 2025Updated 10 months ago
- Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.☆133Oct 4, 2024Updated last year
- Near compile-time string obfuscation for Golang☆13Oct 3, 2023Updated 2 years ago
- A Tool that aims to evade av with binary padding☆161Jun 28, 2024Updated last year
- Go Based Crypter That Can Bypass Any Kinds Of Antivirus Products, payload crypter supports over 4 programming languages.☆60Apr 27, 2025Updated 10 months ago
- SuperSharpShares is a tool designed to automate enumerating domain shares, allowing for quick verification of accessible shares by your a…☆75May 3, 2024Updated last year
- Whenever PowerShell is launched, Notepad will also open. You can customize the script for educational purposes, but I emphasize that I do…☆12Apr 21, 2025Updated 10 months ago
- Bypass Credential Guard by patching WDigest.dll using only NTAPI functions☆268Apr 8, 2025Updated 11 months ago
- PowerShell script to dump Microsoft Defender Config, protection history and Exploit Guard Protection History (no admin privileges requir…☆155Jun 10, 2024Updated last year
- ACEshark is a utility designed for rapid extraction and analysis of Windows service configurations and Access Control Entries, eliminatin…☆123Jan 15, 2025Updated last year
- Pattern-based AMSI bypass that patches AMSI.dll in memory by modifying comparison values, conditional jumps, and function prologues to ne…☆28May 13, 2025Updated 10 months ago
- This is way to load a shellcode, and obfuscate it, so it avoids scantime detection.☆95Apr 27, 2025Updated 10 months ago
- Continuous password spraying tool☆204Mar 12, 2026Updated last week
- Info on how to use Kerberos KDC on a non-domain joined host☆53Jul 31, 2024Updated last year
- MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection.☆337Aug 7, 2024Updated last year
- BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)☆195Feb 6, 2025Updated last year
- A Powershell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f…☆169May 30, 2024Updated last year
- BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions☆346Nov 19, 2024Updated last year
- PhantomDelay is a precise delay function that uses the Windows high resolution performance counter to pause your program for a specified …☆19May 8, 2025Updated 10 months ago
- A mutliple tactics to execute shellcode in go :}☆24Apr 21, 2025Updated 10 months ago
- Indirect Syscall implementation to bypass userland NTAPIs hooking.☆85Aug 13, 2024Updated last year