MzHmO / DebugAmsiLinks
DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.
☆98Updated 2 years ago
Alternatives and similar repositories for DebugAmsi
Users that are interested in DebugAmsi are comparing it to the libraries listed below
Sorting:
- WTSImpersonator utilizes WTSQueryUserToken to steal user tokens by abusing the RPC Named Pipe "\\pipe\LSM_API_service"☆120Updated last year
- ☆114Updated 11 months ago
- A variation of ProcessOverwriting to execute shellcode on an executable's section☆146Updated last year
- ☆135Updated 8 months ago
- ☆109Updated 8 months ago
- Find DLLs with RWX section☆80Updated 2 years ago
- ☆151Updated 2 years ago
- ☆122Updated 2 years ago
- A BOF to retrieve decryption keys for WhatsApp Desktop and a utility script to decrypt the databases.☆86Updated 7 months ago
- Example code samples from our ScriptBlock Smuggling Blog post☆91Updated last year
- ☆49Updated 3 months ago
- Impersonate Tokens using only NTAPI functions☆80Updated 6 months ago
- Remotely Enumerate sessions using undocumented Windows Station APIs☆119Updated last year
- Tool for working with Indirect System Calls in Cobalt Strike's Beacon Object Files (BOF) using SysWhispers3 for EDR evasion☆95Updated 3 months ago
- ☆158Updated 10 months ago
- Lateral Movement via the .NET Profiler☆84Updated 11 months ago
- TokenCert☆100Updated 11 months ago
- lsassdump via RtlCreateProcessReflection and NanoDump☆83Updated last year
- The Swiss army knife of evasion tool that bypasses AMSI, Applocker, and CLM mode simultaneously.☆27Updated last year
- A version of NetLoader, Execute Assemblies and Bypass ETW and AMSI using Hardware Breakpoints☆114Updated 3 months ago
- NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg☆47Updated last year
- Indirect Syscall implementation to bypass userland NTAPIs hooking.☆84Updated last year
- Lateral Movement☆124Updated last year
- Source generator to add D/Invoke and indirect syscall methods to a C# project.☆182Updated last year
- Lateral Movement Bof with MSI ODBC Driver Install☆126Updated 3 weeks ago
- Modern PIC implant for Windows (64 & 32 bit)☆103Updated 3 months ago
- Good CLR Host with Native patchless AMSI Bypass☆95Updated 6 months ago
- Windows Thread Pool Injection Havoc Implementation☆32Updated last year
- ☆57Updated 8 months ago
- ☆192Updated 6 months ago