SaadAhla / AMSI_patch
Patching AmsiOpenSession by forcing an error branching
☆143 Updated last year
Alternatives and similar repositories for AMSI_patch:
Users that are interested in AMSI_patch are comparing it to the libraries listed below
- Patch AMSI and ETW ☆235 Updated 9 months ago
- Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint. ☆205 Updated last year
- ☆180 Updated last year
- C# POC to extract NetNTLMv1/v2 hashes from ETW provider ☆252 Updated last year
- CobaltStrike BOF to spawn Beacons using DLL Application Directory Hijacking ☆224 Updated last year
- reflectively load and execute PEs locally and remotely bypassing EDR hooks ☆147 Updated last year
- Useful Cobalt Strike Beacon Object Files (BOFs) used during red teaming and penetration testing engagements. ☆92 Updated 2 years ago
- Lateral Movement Using DCOM and DLL Hijacking ☆283 Updated last year
- A Powershell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f… ☆155 Updated 8 months ago
- A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (… ☆170 Updated 2 years ago
- different ntdll unhooking techniques : unhooking ntdll from disk, from KnownDlls, from suspended process, from remote server (fileless) ☆184 Updated last year
- A tool for converting SysWhispers3 syscalls for use with Nim projects ☆143 Updated 2 years ago
- Execute shellcode files with rundll32 ☆190 Updated last year
- My implementation of the GIUDA project in C++ ☆167 Updated last year
- Havoc C2 profile generator ☆68 Updated 3 months ago
- (Demo) 3rd party agent for Havoc ☆133 Updated last year
- COFF file (BOF) for managing Kerberos tickets. ☆288 Updated last year
- GregsBestFriend process injection code created from the White Knight Labs Offensive Development course ☆180 Updated last year
- Shaco is a linux agent for havoc ☆156 Updated last year
- ☆190 Updated 10 months ago
- Extracting NetNTLM without touching lsass.exe ☆233 Updated last year
- Attempt at Obfuscated version of SharpCollection ☆203 Updated this week
- Source generator to add D/Invoke and indirect syscall methods to a C# project. ☆173 Updated 11 months ago
- BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions ☆278 Updated 2 months ago
- A variation of ProcessOverwriting to execute shellcode on an executable's section ☆147 Updated last year
- .NET assembly loader with patchless AMSI and ETW bypass ☆313 Updated last year
- Useful Cobalt Strike BOFs found or used during engagements ☆136 Updated last year
- ☆120 Updated last year
- A BOF to automate common persistence tasks for red teamers ☆273 Updated last year
- WTSImpersonator utilizes WTSQueryUserToken to steal user tokens by abusing the RPC Named Pipe "\\pipe\LSM_API_service" ☆118 Updated 7 months ago