Alternatives and similar repositories for Patch-Amsi

Users that are interested in Patch-Amsi are comparing it to the libraries listed below

• Vith0r / Indirect-Syscalls
  Indirect Syscalls Loader
  ☆18Updated last year
• jakydibe / Zone
  ☆17Updated 4 months ago
• ntdll0 / HVNC
  My POC implementation of HVNC (Hidden VNC / Hidden Desktop)
  ☆28Updated last year
• ioncodes / SilentLoad
  "Service-less" driver loading
  ☆177Updated last year
• vvswift / Bypass-Protection0x00
  EDR & AV Bypass Arsenal— a comprehensive collection of tools, patches, and techniques for evading modern EDR and antivirus defenses.
  ☆50Updated 2 months ago
• 0xJs / BYOVD_read_write_primitive
  Proof of Concepts code for Bring Your Own Vulnerable Driver techniques
  ☆204Updated 5 months ago
• 0xOvid / RootkitDiaries
  Collection of different rootkit functionality, each driver representing a different rootkit component
  ☆12Updated 8 months ago
• ColeHouston / Sunder
  Windows rootkit designed to work with BYOVD exploits
  ☆214Updated last year
• RWXstoned / LdrShuffle
  Code execution/injection technique using DLL PEB module structure manipulation
  ☆220Updated 8 months ago
• NtDallas / Draugr
  BOF with Synthetic Stackframe
  ☆219Updated 3 months ago
• Logan-Elliott / HollowGhost
  Process hollowing C# shellcode runner that is FUD against Microsoft Defender as of October 7, 2023.
  ☆24Updated 2 years ago
• CarlosG13 / Process-Hypnosis-Debugger-assisted-control-flow-hijack
  ☆42Updated last year
• S12cybersecurity / GhostlyHollowingCrypter
  Advanced in-memory process injection using transient SEC_IMAGE sections, custom crypter, and ADS payload delivery no disk traces, maximum…
  ☆17Updated 7 months ago
• TwoSevenOneT / CreateProcessAsPPL
  This is the loader that supports running a program with Protected Process Light (PPL) protection functionality.
  ☆294Updated 3 months ago
• CheckPointSW / VectoredOverloading
  ☆113Updated last month
• Maldev-Academy / LsassHijackingViaReg
  Injecting DLL into LSASS at boot
  ☆156Updated 9 months ago
• susMdT / LoudSunRun
  Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven
  ☆253Updated last year
• V-i-x-x / kernel-callback-removal
  kernel callback removal (Bypassing EDR Detections)
  ☆211Updated 2 months ago
• xrombar / flower
  a modified CONTEXT based ropchain to circumvent CFG-FindHiddenShellcode and EtwTi-FluctuationMonitor
  ☆107Updated last year
• S12cybersecurity / NtUnhook
  Selective In-Memory Syscall Unhooking, a stealthy method to bypass user-mode hooks in ntdll.dll
  ☆25Updated 7 months ago
• klezVirus / DriverJack
  Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths
  ☆358Updated last year
• Friends-Security / RedirectThread
  Playing around with Thread Context Hijacking. Building more evasive primitives to use as alternative for existing process injection techn…
  ☆196Updated 7 months ago
• 0xPrimo / KMDllInjector
  kernel-mode DLL Injector
  ☆125Updated 9 months ago
• 0prrr / Malwear-Sweet
  Malware?
  ☆76Updated 3 months ago
• hasherezade / waiting_thread_hijacking
  Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread
  ☆262Updated 5 months ago
• naksyn / DojoLoader
  Generic PE loader for fast prototyping evasion techniques
  ☆244Updated last year
• JanielDary / ImmoralFiber
  Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
  ☆280Updated last year
• tanc7 / skidstorm
  ☆25Updated 10 months ago
• eversinc33 / PSXecute
  MIPS VM to execute payloads without allocating executable memory. Based on a PlayStation 1 (PSX) Emulator.
  ☆124Updated last year
• HackLike-co / Cloak
  Generate Secure, Polymorphic, Evasive (lol) Payloads
  ☆29Updated 4 months ago