MzHmO / DebugAmsiLinks
DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.
☆98Updated last year
Alternatives and similar repositories for DebugAmsi
Users that are interested in DebugAmsi are comparing it to the libraries listed below
Sorting:
- A variation of ProcessOverwriting to execute shellcode on an executable's section☆148Updated last year
- Find DLLs with RWX section☆81Updated 2 years ago
- WTSImpersonator utilizes WTSQueryUserToken to steal user tokens by abusing the RPC Named Pipe "\\pipe\LSM_API_service"☆119Updated last year
- ☆133Updated 6 months ago
- ☆110Updated 6 months ago
- ☆152Updated last year
- NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg☆46Updated last year
- ☆112Updated 9 months ago
- ☆157Updated 8 months ago
- ☆124Updated last year
- A tool to modify SCCM remote control settings on the client machine, enabling remote control without permission prompts or notifications.…☆95Updated 10 months ago
- Do some DLL SideLoading magic☆86Updated last year
- Two in one, patch lifetime powershell console, no more etw and amsi!☆96Updated 4 months ago
- Impersonate Tokens using only NTAPI functions☆79Updated 4 months ago
- Lateral Movement via the .NET Profiler☆82Updated 9 months ago
- Indirect Syscall implementation to bypass userland NTAPIs hooking.☆76Updated last year
- ☆47Updated last month
- Example code samples from our ScriptBlock Smuggling Blog post☆91Updated last year
- This technique leverages PowerShell's .NET interop layer and COM automation to achieve stealthy command execution by abusing implicit typ…☆49Updated 3 months ago
- A BOF to retrieve decryption keys for WhatsApp Desktop and a utility script to decrypt the databases.☆79Updated 5 months ago
- lsassdump via RtlCreateProcessReflection and NanoDump☆83Updated 10 months ago
- Remotely Enumerate sessions using undocumented Windows Station APIs☆119Updated last year
- Find .net assemblies locally☆121Updated 2 years ago
- Lateral Movement☆124Updated last year
- Shellcode loader using direct syscalls via Hell's Gate and payload encryption.☆91Updated last year
- This is the combination of multiple evasion techniques to evade defenses. (Dirty Vanity)☆51Updated last year
- ☆57Updated 6 months ago
- Source generator to add D/Invoke and indirect syscall methods to a C# project.☆182Updated last year
- Embedder is a collection of sources in different languages to embed Python interpreter with minimal dependencies☆120Updated last year
- A small How-To on creating your own weaponized WSL file☆113Updated last month