Alternatives and similar repositories for Patch-Amsi

Users that are interested in Patch-Amsi are comparing it to the libraries listed below

• Vith0r / Indirect-Syscalls
  Indirect Syscalls Loader
  ☆16Updated 11 months ago
• ColeHouston / Sunder
  Windows rootkit designed to work with BYOVD exploits
  ☆206Updated 8 months ago
• V-i-x-x / kernel-callback-removal
  kernel callback removal (Bypassing EDR Detections)
  ☆190Updated 6 months ago
• pard0p / CallstackSpoofingPOC
  C++ self-Injecting dropper based on various EDR evasion techniques.
  ☆395Updated last year
• Yuragy / Bypass-Protection0x00
  EDR & AV Bypass Arsenal— a comprehensive collection of tools, patches, and techniques for evading modern EDR and antivirus defenses.
  ☆22Updated 2 months ago
• ZeroMemoryEx / CVE-2025-26125
  (0day) Local Privilege Escalation in IObit Malware Fighter
  ☆154Updated 5 months ago
• jakydibe / Zone
  ☆17Updated last week
• naksyn / DojoLoader
  Generic PE loader for fast prototyping evasion techniques
  ☆238Updated last year
• Chainski / PandaCrypter
  PandaCrypter is a C#-based tool designed to convert PowerShell scripts into obfuscated batch files (.bat) with encryption and additional …
  ☆17Updated last month
• C5Hackr / PEB-Redirection
  ☆11Updated 11 months ago
• hasherezade / waiting_thread_hijacking
  Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread
  ☆243Updated 3 weeks ago
• JanielDary / ImmoralFiber
  Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
  ☆271Updated last year
• dobin / RedEdr
  Collect Windows telemetry for Maldev
  ☆421Updated this week
• Cracked5pider / earlycascade-injection
  early cascade injection PoC based on Outflanks blog post
  ☆230Updated 10 months ago
• 0xHossam / KernelCallbackTable-Injection-PoC
  Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac…
  ☆232Updated 10 months ago
• WKL-Sec / LayeredSyscall
  Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …
  ☆281Updated last year
• klezVirus / DriverJack
  Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths
  ☆352Updated last year
• Maldev-Academy / LsassHijackingViaReg
  Injecting DLL into LSASS at boot
  ☆138Updated 4 months ago
• oomar400 / Malware-Development
  Write-ups and proof of concepts of design and implementaion of various modern malwares.
  ☆29Updated 2 years ago
• susMdT / LoudSunRun
  Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven
  ☆244Updated 11 months ago
• RWXstoned / LdrShuffle
  Code execution/injection technique using DLL PEB module structure manipulation
  ☆189Updated 3 months ago
• rtecCyberSec / Packer_Development
  Slides & Code snippets for a workshop held @ x33fcon 2024
  ☆269Updated last year
• tanc7 / skidstorm
  ☆24Updated 6 months ago
• ZeroMemoryEx / URootkit
  simple user-mode Rootkit
  ☆106Updated 2 years ago
• TwoSevenOneT / CreateProcessAsPPL
  This is the loader that supports running a program with Protected Process Light (PPL) protection functionality.
  ☆224Updated last week
• oakkaya / Prince-Ransomware
  Go ransomware utilising ChaCha20 and ECIES encryption.
  ☆46Updated last year
• kleiton0x00 / Proxy-DLL-Loads
  A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.
  ☆355Updated 7 months ago
• C5Hackr / Eclipse
  A unique introduction to native runtime obfuscation.
  ☆73Updated 6 months ago
• CICADA8-Research / COMThanasia
  A set of programs for analyzing common vulnerabilities in COM
  ☆229Updated last year
• 0xNinjaCyclone / EarlyCascade
  A PoC for Early Cascade process injection technique.
  ☆193Updated 7 months ago