Bypassing Amsi using LdrLoadDll
☆47Jan 8, 2025Updated last year
Alternatives and similar repositories for AmsiBypass
Users that are interested in AmsiBypass are comparing it to the libraries listed below
Sorting:
- Another version of .NET loader provides capabilities of bypassing ETW and AMSI, utilizing VEH for syscalls and loading .NET assemblies☆50Jul 6, 2025Updated 7 months ago
- a demo module for the kaine agent to execute and inject assembly modules☆41Aug 28, 2024Updated last year
- Enable or Disable TokenPrivilege(s)☆15May 17, 2024Updated last year
- open source port/reimplementation of the Cobalt Strike BOF Loader as is☆68Feb 3, 2026Updated last month
- Linux Shared Library to Shellcode Loader☆84Feb 15, 2026Updated 2 weeks ago
- Patches the AmsiScan function in clr.dll allowing for unrestricted assembly loading in .NET☆51May 5, 2025Updated 10 months ago
- The most extensive collection of BOFs (Beacon Object Files) tailored for Red Teams using C++23☆23Jun 19, 2025Updated 8 months ago
- A C# tool for extracting information from SCCM PXE boot media.☆51Jan 14, 2026Updated last month
- Dll injection through code page id modification in registry. Based on jonas lykk research☆17Jun 18, 2022Updated 3 years ago
- C# porting of SysWhispers2. It uses SharpASM to find the code caves for executing the system call stub.☆111Apr 14, 2023Updated 2 years ago
- Use hardware breakpoint to dynamically change SSN in run-time☆279Apr 10, 2024Updated last year
- ☆73Mar 16, 2025Updated 11 months ago
- A Windows potato to privesc☆391Aug 26, 2024Updated last year
- BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)☆195Feb 6, 2025Updated last year
- Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader.☆283Apr 6, 2025Updated 10 months ago
- ☆33Mar 19, 2025Updated 11 months ago
- remote process injections using pool party techniques☆70Jun 29, 2025Updated 8 months ago
- bring your own vulnerable driver☆113May 17, 2023Updated 2 years ago
- Library that eases the use of indirect syscalls. Quite interesting AV/EDR bypass as PoC.☆166Jul 30, 2025Updated 7 months ago
- A proof of concept AMSI & ETW bypass using trampolines for hooking and modifying execution flow☆18Jun 26, 2025Updated 8 months ago
- This repository will contain source codes from the Tradecraft improvement blog series☆14Mar 27, 2025Updated 11 months ago
- Early Bird Cryo Injections – APC-based DLL & Shellcode Injection via Pre-Frozen Job Objects☆138Apr 6, 2025Updated 10 months ago
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution☆195Nov 27, 2024Updated last year
- A Rust port of LayeredSyscall — performs indirect syscalls while generating legitimate API call stack frames by abusing VEH.☆164Oct 31, 2024Updated last year
- The code is a pingback to the Dark Vortex blog: https://0xdarkvortex.dev/hiding-memory-allocations-from-mdatp-etwti-stack-tracing/☆210Jan 29, 2023Updated 3 years ago
- BOF to decrypt Signal Desktop chat logs☆71Feb 20, 2025Updated last year
- Mythic C2 wrapper for NimSyscallPacker☆25Mar 12, 2025Updated 11 months ago
- "D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system c…☆28Sep 18, 2024Updated last year
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials☆54May 12, 2025Updated 9 months ago
- Terminate AV/EDR Processes using kernel driver☆352Jun 12, 2023Updated 2 years ago
- converts sRDI compatible dlls to shellcode☆35Jan 20, 2025Updated last year
- PoC exploit for the vulnerable WatchDog Anti-Malware driver (amsdk.sys) – weaponized to kill protected EDR/AV processes via BYOVD.☆202Sep 11, 2025Updated 5 months ago
- ☆21Jan 8, 2026Updated last month
- ☆11Feb 12, 2023Updated 3 years ago
- Just a nice little shellcode loader using unconventional methods to avoid using signatured APIs☆23Jul 11, 2025Updated 7 months ago
- Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.☆325Apr 12, 2024Updated last year
- Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.☆41Jul 9, 2023Updated 2 years ago
- Evasive shellcode loader☆401Oct 17, 2024Updated last year
- Chrome browser extension-based Command & Control☆239Jul 2, 2025Updated 8 months ago