Shrfnt77/AmsiBypass external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

Shrfnt77/AmsiBypass

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/Shrfnt77/AmsiBypass)

Close

Shrfnt77 / AmsiBypassView on GitHubMore

• External links
• Readme badge

Bypassing Amsi using LdrLoadDll

☆48Jan 8, 2025Updated last year

Alternatives and similar repositories for AmsiBypass

Users that are interested in AmsiBypass are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• Ghaleb0x317374 / StealthyWMIExec.py

  View on GitHub
  A stealthier approach to WMI-based command execution using Impacket without touching the disk.
  ☆83Mar 15, 2026Updated 2 months ago
• patrickt2017 / VEHNetLoader

  View on GitHub
  Another version of .NET loader provides capabilities of bypassing ETW and AMSI, utilizing VEH for syscalls and loading .NET assemblies
  ☆50Jul 6, 2025Updated 10 months ago
• CodeXTF2 / Cobaltstrike_BOFLoader

  View on GitHub
  open source port/reimplementation of the Cobalt Strike BOF Loader as is
  ☆72Mar 8, 2026Updated 2 months ago
• Cracked5pider / kaine-assembly

  View on GitHub
  a demo module for the kaine agent to execute and inject assembly modules
  ☆41Aug 28, 2024Updated last year
• voidvxvi / EnableAllTokenPrivs

  View on GitHub
  Enable or Disable TokenPrivilege(s)
  ☆15May 17, 2024Updated 2 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• SECFORCE / SharpWhispers

  View on GitHub
  C# porting of SysWhispers2. It uses SharpASM to find the code caves for executing the system call stub.
  ☆111Apr 14, 2023Updated 3 years ago
• susMdT / SharpIndirectSyscalls

  View on GitHub
  ☆11Feb 12, 2023Updated 3 years ago
• 0xcf80 / ShellCodeLoader_Indirect_Syscalls

  View on GitHub
  Shellcode Loader using indirect syscalls
  ☆16Jan 21, 2024Updated 2 years ago
• smokeme / asar-backdoor

  View on GitHub
  ☆34Mar 19, 2025Updated last year
• Prepouce / CoercedPotato

  View on GitHub
  A Windows potato to privesc
  ☆393Aug 26, 2024Updated last year
• senzee1984 / MutationGate

  View on GitHub
  Use hardware breakpoint to dynamically change SSN in run-time
  ☆280Apr 10, 2024Updated 2 years ago
• zzhsec / NlsCodeInjectionThroughRegistry

  View on GitHub
  Dll injection through code page id modification in registry. Based on jonas lykk research
  ☆16Jun 18, 2022Updated 3 years ago
• 0xsch1zo / NullGate

  View on GitHub
  Library that eases the use of indirect syscalls. Quite interesting AV/EDR bypass as PoC.
  ☆167Jul 30, 2025Updated 9 months ago
• Wh04m1001 / GamingServiceEoP

  View on GitHub
  ☆150Mar 22, 2024Updated 2 years ago
• Proton VPN Special Offer - Get 70% off • Ad
  Special partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
• dosxuz / TradecraftImrprovement

  View on GitHub
  This repository will contain source codes from the Tradecraft improvement blog series
  ☆15Mar 27, 2025Updated last year
• boku7 / patchwerk

  View on GitHub
  BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)
  ☆197Feb 6, 2025Updated last year
• cpu0x00 / Ghost

  View on GitHub
  Evasive shellcode loader
  ☆398Oct 17, 2024Updated last year
• MythicAgents / Hannibal

  View on GitHub
  A Mythic Agent written in PIC C.
  ☆204Feb 4, 2025Updated last year
• Meowmycks / trustme

  View on GitHub
  BOF to impersonate TrustedInstaller via DISM API trigger and thread impersonation
  ☆129Mar 27, 2026Updated last month
• Darkrain2009 / RedExt

  View on GitHub
  Chrome browser extension-based Command & Control
  ☆259Mar 18, 2026Updated 2 months ago
• amauricio / junkshell

  View on GitHub
  ☆74Mar 16, 2025Updated last year
• decoder-it / KrbRelayEx-RPC

  View on GitHub
  ☆201Mar 28, 2025Updated last year
• trustedsec / LLVM-Obfuscation-Experiments

  View on GitHub
  ☆19May 22, 2024Updated 2 years ago
• Virtual machines for every use case on DigitalOcean • Ad
  Get dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
• Maldev-Academy / HookingLsassForCredentials

  View on GitHub
  Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials
  ☆55May 12, 2025Updated last year
• 0xRedpoll / SignalKeyBOF

  View on GitHub
  BOF to decrypt Signal Desktop chat logs
  ☆70Feb 20, 2025Updated last year
• mertdas / SharpTerminator

  View on GitHub
  Terminate AV/EDR Processes using kernel driver
  ☆354Jun 12, 2023Updated 2 years ago
• 0xHossam / HuffLoader

  View on GitHub
  Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader.
  ☆287Apr 6, 2025Updated last year
• senzee1984 / InflativeLoading

  View on GitHub
  Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.
  ☆327Apr 12, 2024Updated 2 years ago
• inb1ts / birdnet-poc

  View on GitHub
  Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.
  ☆41Jul 9, 2023Updated 2 years ago
• paranoidninja / Proxy-Function-Calls-For-ETwTI

  View on GitHub
  The code is a pingback to the Dark Vortex blog: https://0xdarkvortex.dev/hiding-memory-allocations-from-mdatp-etwti-stack-tracing/
  ☆214Jan 29, 2023Updated 3 years ago
• backdoorskid / ClrAmsiScanPatcher

  View on GitHub
  Patches the AmsiScan function in clr.dll allowing for unrestricted assembly loading in .NET
  ☆53May 5, 2025Updated last year
• 0xEr3bus / PoolPartyBof

  View on GitHub
  A beacon object file implementation of PoolParty Process Injection Technique.
  ☆449Dec 21, 2023Updated 2 years ago
• Deploy open-source AI quickly and easily - Special Bonus Offer • Ad
  Runpod Hub is built for open source. One-click deployment and autoscaling endpoints without provisioning your own infrastructure.
• sliverarmory / malasada

  View on GitHub
  Linux Shared Library to Shellcode Loader
  ☆97Feb 15, 2026Updated 3 months ago
• fortra / No-Consolation

  View on GitHub
  A BOF that runs unmanaged PEs inline
  ☆702Oct 23, 2024Updated last year
• zero2504 / Early-Cryo-Bird-Injections

  View on GitHub
  Early Bird Cryo Injections – APC-based DLL & Shellcode Injection via Pre-Frozen Job Objects
  ☆144Apr 6, 2025Updated last year
• Teach2Breach / pool_party_rs

  View on GitHub
  remote process injections using pool party techniques
  ☆71Jun 29, 2025Updated 10 months ago
• Hagrid29 / BYOVDKit

  View on GitHub
  bring your own vulnerable driver
  ☆120May 17, 2023Updated 3 years ago
• EricEsquivel / OpsLoader

  View on GitHub
  A Cobalt Strike payload generator and lateral movement aggressor script which places Beacon shellcode into a custom shellcode loader
  ☆46Sep 25, 2024Updated last year
• Faran-17 / Hellshazzard

  View on GitHub
  Indirect Syscall implementation to bypass userland NTAPIs hooking.
  ☆84Aug 13, 2024Updated last year