How to bypass AMSI (Antimalware Scan Interface) in PowerShell/C++ by dynamically patching the AmsiScanBuffer function.
☆26 · Apr 21, 2025 · Updated 10 months ago
Alternatives and similar repositories for Amsi-Patch-Updated-2025
Users that are interested in Amsi-Patch-Updated-2025 are comparing it to the libraries listed below
- Weaponized VSCode Extensions ☆15 · Feb 22, 2026 · Updated 3 weeks ago
- Cortex EDR Ransomware protection Bypass ☆27 · Feb 8, 2025 · Updated last year
- PhantomDelay is a precise delay function that uses the Windows high resolution performance counter to pause your program for a specified … ☆19 · May 8, 2025 · Updated 10 months ago
- Transforms the fully qualified class names in existing JAR packages using multiple strategies, generating an unlimited number of highly similar fake class names ☆18 · Jul 30, 2025 · Updated 7 months ago
- A malicious Golang package ☆15 · Apr 21, 2025 · Updated 10 months ago
- A C#-implemented malware that dynamically modifies its own hash upon each execution to evade detection. ☆17 · Feb 3, 2025 · Updated last year
- Library for reading and writing dex files ☆26 · Updated this week
- Let sliver use msf payload! ☆25 · Mar 23, 2025 · Updated 11 months ago
- NailaoLoader: Hiding Execution Flow via Patching ☆23 · Feb 27, 2025 · Updated last year
- remote process injections using pool party techniques ☆70 · Jun 29, 2025 · Updated 8 months ago
- Bypasses AMSI protection through remote memory patching and parsing technique. ☆55 · May 12, 2025 · Updated 10 months ago
- Rehashing APIs to prevent hash based detection ☆14 · Jan 7, 2025 · Updated last year
- Toolkit of Projects to attack and evade Event Trace for Windows ☆26 · Aug 28, 2025 · Updated 6 months ago
- A stager and implant that executes remote Web Assembly ☆37 · Feb 4, 2026 · Updated last month
- 💎 | RubyRedOps is a repository for advanced Red Team techniques and offensive malware, focused on Ruby ☆10 · Apr 21, 2025 · Updated 10 months ago
- FrostLock Injection is a freeze/thaw-based code injection technique that uses Windows Job Objects to temporarily freeze (suspend) a targe… ☆43 · Apr 6, 2025 · Updated 11 months ago
- Random BOFs for LDAP tradecraft ☆74 · Sep 9, 2025 · Updated 6 months ago
- Pattern-based AMSI bypass that patches AMSI.dll in memory by modifying comparison values, conditional jumps, and function prologues to ne… ☆28 · May 13, 2025 · Updated 10 months ago
- Cobalt Strike Beacon Object File (BOF) that obtains SYSTEM privilege with SeImpersonate privilege by passing a malicious IUnknown object t… ☆13 · Feb 4, 2024 · Updated 2 years ago
- A Rust PoC implementation of the Early Bird process hollowing technique, inspired by https://github.com/boku7/HOLLOW. ☆31 · Feb 7, 2025 · Updated last year
- Multiple tactics to execute shellcode in Go :} ☆24 · Apr 21, 2025 · Updated 10 months ago
- Proxy function calls through the thread pool with ease ☆31 · Feb 27, 2025 · Updated last year
- ☆10 · Dec 8, 2022 · Updated 3 years ago
- Eset-Unload is a C++ tool that interacts with a process's loaded modules to identify and unload the ebehmoni.dll module, typically found … ☆12 · Apr 21, 2025 · Updated 10 months ago
- A lightweight tool that injects a custom assembly proxy into a target process to silently bypass ETW scanning by redirecting ETW calls to… ☆45 · Jun 1, 2025 · Updated 9 months ago
- Use NT Native Registry API to create a registry that normal user can not query. ☆94 · Dec 7, 2017 · Updated 8 years ago
- Detection tool for the remote code execution (RCE) vulnerability in Tongda OA OfficeTask on UDP port 2397 ☆21 · Jun 13, 2025 · Updated 9 months ago
- Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each function’s name,… ☆15 · Apr 21, 2025 · Updated 10 months ago
- Home of https://redteam.guide ☆15 · Sep 19, 2022 · Updated 3 years ago
- linux ebpf backdoor demo ☆12 · Nov 20, 2024 · Updated last year
- ☆37 · Feb 12, 2026 · Updated last month
- ☆17 · Feb 14, 2025 · Updated last year
- (EDR) Dll Unhooking = kernel32.dll, kernelbase.dll, ntdll.dll, user32.dll, apphelp.dll, msvcrt.dll. ☆51 · May 22, 2025 · Updated 9 months ago
- Cobalt Strike UDRL for memory scanner evasion. ☆52 · Dec 4, 2023 · Updated 2 years ago
- Pack your .NET assembly into a Native (C++) ☆12 · Dec 19, 2022 · Updated 3 years ago
- A C# project that builds a Web Application which redirects all HTTPS ☆26 · Feb 11, 2025 · Updated last year
- Extract entire function source code based on giving line number using Javaparser ☆21 · Jul 15, 2025 · Updated 8 months ago
- Azure AppHunter is an open-source tool created for security researchers, red teamers and defenders to help them identify excessive privil… ☆99 · Feb 25, 2026 · Updated 3 weeks ago
- Dump LSASS by spoofing command line arguments to procdump. ☆20 · Oct 21, 2024 · Updated last year