DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.
☆102Sep 18, 2023Updated 2 years ago
Alternatives and similar repositories for DebugAmsi
Users that are interested in DebugAmsi are comparing it to the libraries listed below
Sorting:
- Hide your P/Invoke signatures through other people's signed assemblies☆211Mar 10, 2024Updated last year
- My implementation of the GIUDA project in C++☆189Jul 25, 2023Updated 2 years ago
- Privileger is a tool to work with Windows Privileges☆139Feb 7, 2023Updated 3 years ago
- Extracting NetNTLM without touching lsass.exe☆244Nov 27, 2023Updated 2 years ago
- A step-by-step walkthrough of how to write a Client and a Driver to communicate with each other and boost the priority of a thread.☆17Dec 12, 2023Updated 2 years ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.☆409Jan 11, 2026Updated last month
- Simple dotnet Native AOT app that uses AsmResolver to convert shellcode to PE☆65May 1, 2023Updated 2 years ago
- C++ self-Injecting dropper based on various EDR evasion techniques.☆427Feb 11, 2024Updated 2 years ago
- A C# tool to output crackable DPAPI hashes from user MasterKeys☆140Sep 14, 2024Updated last year
- Your syscall factory☆126Jan 13, 2026Updated last month
- Just another ntdll unhooking using Parun's Fart technique☆76Feb 15, 2023Updated 3 years ago
- Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms☆136Dec 20, 2022Updated 3 years ago
- a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless☆39Jul 12, 2024Updated last year
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space☆136Jan 2, 2023Updated 3 years ago
- Threadless Module Stomping In Rust with some features (In memory of those murdered in the Nova party massacre)☆261Jun 29, 2024Updated last year
- The program uses the Windows API functions to traverse through directories and locate DLL files with RWX section☆111Jul 15, 2023Updated 2 years ago
- Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2☆293Jul 15, 2023Updated 2 years ago
- Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.☆325Apr 12, 2024Updated last year
- ☆152Oct 2, 2023Updated 2 years ago
- Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …☆779Jan 26, 2026Updated last month
- Using fibers to run in-memory code.☆242Oct 19, 2023Updated 2 years ago
- WTSImpersonator utilizes WTSQueryUserToken to steal user tokens by abusing the RPC Named Pipe "\\pipe\LSM_API_service"☆122Jul 2, 2024Updated last year
- Get-PDInvokeImports is tool (PowerShell module) which is able to perform automatic detection of P/Invoke, Dynamic P/Invoke and D/Invoke u…☆54Apr 10, 2022Updated 3 years ago
- Remote Shellcode Injector☆220Aug 27, 2023Updated 2 years ago
- Some scripts to abuse kerberos using Powershell☆355Jul 27, 2023Updated 2 years ago
- Slides & Code snippets for a workshop held @ x33fcon 2024☆283Jun 15, 2024Updated last year
- Native Syscalls Shellcode Injector☆266Jul 2, 2023Updated 2 years ago
- EDRSandblast-GodFault☆271Aug 28, 2023Updated 2 years ago
- Just another Process Injection using Process Hollowing technique.☆18Sep 18, 2023Updated 2 years ago
- Use hardware breakpoint to dynamically change SSN in run-time☆279Apr 10, 2024Updated last year
- Amsi Bypass payload that works on Windwos 11☆378Jul 30, 2023Updated 2 years ago
- Automated DLL Sideloading Tool With EDR Evasion Capabilities☆505Dec 19, 2023Updated 2 years ago
- Sleep obfuscation for shellcode implants and their reflective shit☆53Sep 19, 2023Updated 2 years ago
- .NET assembly loader with patchless AMSI and ETW bypass☆368Apr 19, 2023Updated 2 years ago
- RunPE implementation with multiple evasive techniques (1)☆382Sep 22, 2023Updated 2 years ago
- A collection of various and sundry code snippets that leverage .NET dynamic tradecraft☆145May 18, 2024Updated last year
- ☆319Jun 28, 2023Updated 2 years ago
- A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles.☆66May 2, 2023Updated 2 years ago
- DLL Unlinking from InLoadOrderModuleList, InMemoryOrderModuleList, InInitializationOrderModuleList, and LdrpHashTable☆60Dec 15, 2023Updated 2 years ago