ShigShag / AMSI-Bypass-via-Page-Guard-Exceptions
Shellcode and In-PowerShell solution for patching AMSI via Page Guard Exceptions
☆63 | Nov 15, 2025 | Updated 2 months ago
Alternatives and similar repositories for AMSI-Bypass-via-Page-Guard-Exceptions
Users that are interested in AMSI-Bypass-via-Page-Guard-Exceptions are comparing it to the libraries listed below
- Step-by-step documentation on how to decrypt SCCM database secrets offline ☆50 | Oct 20, 2025 | Updated 3 months ago
- C# .NET Assembly to perform LDAP Queries ☆27 | Apr 1, 2021 | Updated 4 years ago
- HardwareTurningPoint, Fully Go Compatible Hardware Breakpoint ☆16 | Jan 30, 2025 | Updated last year
- custom impacket mssqlclient ☆26 | Sep 16, 2023 | Updated 2 years ago
- AppLocker-Based EDR Neutralization ☆302 | Dec 19, 2025 | Updated last month
- Manage Shadow Copies via the VSS API using C#, C++, Crystal or Python. Working on Windows 11 ☆81 | Jan 26, 2026 | Updated 2 weeks ago
- An Aggressor Script that utilizes NtCreateUserProcess to run binaries ☆30 | Jan 30, 2025 | Updated last year
- A tool to easily perform GitHub Device Code Phishing on red team engagements ☆82 | Updated this week
- Lateral Movement ☆125 | Nov 14, 2023 | Updated 2 years ago
- Executing Shellcode with ReadDirectoryChanges’s Hidden Callback ☆29 | Oct 13, 2025 | Updated 4 months ago
- using wnbios64.sys for arbitrary r/w ☆15 | Oct 12, 2025 | Updated 4 months ago
- Interact with Microsoft SQL Server (MS SQL | MSSQL) servers and their linked instances in restricted environments, without the need for … ☆52 | Feb 6, 2026 | Updated last week
- A Windows tool that converts LDIF files to BloodHound CE ☆25 | Dec 20, 2025 | Updated last month
- Bypass WiFi client isolation on Open and WPA2-PSK networks ☆39 | Oct 14, 2025 | Updated 4 months ago
- A powerful shell script for creating custom WSL (Windows Subsystem for Linux) distributions with embedded payloads. ☆71 | Nov 16, 2025 | Updated 2 months ago
- IronSharpPack is a repo of popular C# projects that have been embedded into IronPython scripts that execute an AMSI bypass and then refle… ☆118 | May 2, 2024 | Updated last year
- ☆21 | Sep 12, 2025 | Updated 5 months ago
- ☆26 | Aug 11, 2025 | Updated 6 months ago
- Interactive PowerShell framework for testing WMI, COM, LOLBAS, and persistence techniques ☆90 | Dec 28, 2025 | Updated last month
- ☆198 | Mar 28, 2025 | Updated 10 months ago
- Extract SAM and SYSTEM using Volume Shadow Copy (VSS) API. With multiple exfiltration options and XOR obfuscation ☆336 | Feb 2, 2026 | Updated last week
- Bypasses AMSI protection through remote memory patching and parsing technique. ☆54 | May 12, 2025 | Updated 9 months ago
- Payload Generation Framework ☆20 | Oct 24, 2024 | Updated last year
- PICO-Implant is a Proof of Concept C2 implant built using Position-independent Code Objects (PICO) for modular functionality. This projec… ☆43 | Nov 9, 2025 | Updated 3 months ago
- This project is an EDRSandblast fork, adding some features and custom pieces of code. ☆25 | Sep 29, 2023 | Updated 2 years ago
- ☆21 | Jul 13, 2022 | Updated 3 years ago
- A powerful AWS Cognito analysis and session hijacking toolkit designed for security researchers and penetration testers. CognitoHunter sp… ☆21 | Jan 20, 2025 | Updated last year
- A (quite) simple steganography algorithm to hide shellcodes within bitmap image. ☆25 | May 4, 2024 | Updated last year
- ☆618 | Feb 5, 2026 | Updated last week
- Swiss Army Knife for payload encryption, obfuscation, and conversion to byte arrays – all in a single command (14 output formats supporte… ☆207 | Sep 20, 2025 | Updated 4 months ago
- A version of NetLoader, Execute Assemblies and Bypass ETW and AMSI using Hardware Breakpoints ☆121 | Jul 11, 2025 | Updated 7 months ago
- ☆59 | Dec 10, 2025 | Updated 2 months ago
- Python script to compress VBA macro files ☆24 | Feb 2, 2023 | Updated 3 years ago
- JamfHound is a python3 project designed to collect and identify attack paths in Jamf Pro tenants based on existing object permissions by … ☆117 | Sep 2, 2025 | Updated 5 months ago
- Stealthy In-Memory Local Password Harvester (SILPH) tool: dump LSA, SAM and DCC2 with indirect syscall ☆130 | Dec 17, 2025 | Updated last month
- PowerShell script to automate enabling RDP, local admin user creation, and configuring firewall rules for RDP access. ☆42 | Jan 22, 2025 | Updated last year
- PowerShell collector for adding SCCM attack paths to BloodHound with OpenGraph ☆67 | Jan 30, 2026 | Updated 2 weeks ago
- ☆186 | Jun 14, 2025 | Updated 8 months ago
- LSASS memory dumper using only NTAPIs, creating a minimal minidump. It can be compiled as shellcode (PIC), supports XOR encryption, and r… ☆381 | Apr 26, 2025 | Updated 9 months ago