A lightweight tool that injects a custom assembly proxy into a target process to silently bypass AMSI scanning by redirecting AmsiScanBuffer calls. It suspends the target’s threads, patches the function to always return AMSI_RESULT_CLEAN without altering original bytes directly, ensuring stealthy AMSI bypass.
☆64May 16, 2025Updated 10 months ago
Alternatives and similar repositories for Ebyte-AMSI-ProxyInjector
Users that are interested in Ebyte-AMSI-ProxyInjector are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- PhantomDelay is a precise delay function that uses the Windows high resolution performance counter to pause your program for a specified …☆19May 8, 2025Updated 11 months ago
- Bypasses AMSI protection through remote memory patching and parsing technique.☆54May 12, 2025Updated 10 months ago
- A lightweight tool that injects a custom assembly proxy into a target process to silently bypass ETW scanning by redirecting ETW calls to…☆45Jun 1, 2025Updated 10 months ago
- ☆26Aug 11, 2025Updated 7 months ago
- A Free Open sourced crypter that builds a output .NET .exe Stub (Updated whenever I feel like it)☆19Oct 18, 2025Updated 5 months ago
- DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- ATL.dll and WmiMgmt.msc UAC Bypass☆13Apr 26, 2025Updated 11 months ago
- Patches the AmsiScan function in clr.dll allowing for unrestricted assembly loading in .NET☆54May 5, 2025Updated 11 months ago
- Pattern-based AMSI bypass that patches AMSI.dll in memory by modifying comparison values, conditional jumps, and function prologues to ne…☆28May 13, 2025Updated 10 months ago
- Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal …☆94Jan 2, 2026Updated 3 months ago
- (EDR) Dll Unhooking = kernel32.dll, kernelbase.dll, ntdll.dll, user32.dll, apphelp.dll, msvcrt.dll.☆51May 22, 2025Updated 10 months ago
- Troll TaskManager, and play with it .☆30Aug 3, 2025Updated 8 months ago
- Evilbytecode-Gate resolves Windows System Service Numbers (SSNs) using two methods: analyzing the Guard CF Table in ntdll.dll and parsing…☆26Apr 21, 2025Updated 11 months ago
- Decrypting yandex browser passwords☆28Apr 8, 2025Updated last year
- Windows C++ Implant for Exploration C2☆45Jan 26, 2026Updated 2 months ago
- Proton VPN Special Offer - Get 70% off • AdSpecial partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
- Parser and reconciliation tooling for large Active Directory environments.☆33Feb 18, 2025Updated last year
- Obex – Blocking unwanted DLLs in user mode☆283Sep 18, 2025Updated 6 months ago
- WinDbg plugin to trace module transitions from a debugged driver.☆51Dec 22, 2025Updated 3 months ago
- modified mssqlclient from impacket to extract policies from the SCCM database☆47Feb 24, 2026Updated last month
- Proof-of-concept kernel driver that hijacks the Windows kernel extension table mechanism to preserve process notify callbacks even when a…☆94Jul 7, 2025Updated 9 months ago
- Implementing an early exception handler for hooking and threadless process injection without relying on VEH or SEH☆136Aug 31, 2025Updated 7 months ago
- powershell script i wrote that can suspend an arbitrary process (with limits)☆22Mar 26, 2023Updated 3 years ago
- A python script that automates a C2 Profile build☆48Dec 14, 2025Updated 3 months ago
- A small collection of Crystal Palace PIC loaders designed for use with Cobalt Strike☆195Oct 29, 2025Updated 5 months ago
- Managed Kubernetes at scale on DigitalOcean • AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll☆151Apr 18, 2025Updated 11 months ago
- ☆50Oct 14, 2025Updated 5 months ago
- A remote process injection using process snapshotting based on https://gitlab.com/ORCA000/snaploader , in rust. It creates a sacrificial …☆50Jan 25, 2025Updated last year
- process hollowing variant using NtCreateSection + NtMapViewOfSection + ResumeThread☆31Jan 9, 2022Updated 4 years ago
- Bypass user-land hooks by syscall tampering via the Trap Flag☆139Aug 25, 2025Updated 7 months ago
- HardwareTurningPoint, Fully Go Compatible Hardware Breakpoint☆16Jan 30, 2025Updated last year
- C++ tool and library for converting .bin files to shellcode in multiple output formats.☆34Aug 18, 2025Updated 7 months ago
- Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege☆227Nov 23, 2023Updated 2 years ago
- kernel-mode DLL Injector☆132Apr 24, 2025Updated 11 months ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- use python on windows with full submodule support without installation☆30Jan 23, 2025Updated last year
- Helps defenders find their WSUS configurations in the wake of CVE-2025-59287☆46Oct 28, 2025Updated 5 months ago
- A fucking real shellcode loader with a GUI. Work-in-Progress.☆82Jun 25, 2025Updated 9 months ago
- ☆37Nov 8, 2024Updated last year
- template for developing custom C2 channels for Cobalt Strike using IAT hooks applied by a reflective loader.☆100Jan 10, 2026Updated 2 months ago
- Go Shellcode Loader to be Integrated in Exploration C2☆27Feb 7, 2025Updated last year
- Shellcode and In-PowerShell solution for patching AMSI via Page Guard Exceptions☆64Nov 15, 2025Updated 4 months ago