AMSI detection PoC
☆31Apr 14, 2020Updated 5 years ago
Alternatives and similar repositories for AMSIDetection
Users that are interested in AMSIDetection are comparing it to the libraries listed below
Sorting:
- Writing Your Own Ticket to the Cloud Like APT: A Deep-dive to AD FS Attacks, Detections, and Mitigations☆12Dec 9, 2022Updated 3 years ago
- A spin-off research project. Cobalt Strike x Notion collab 2022☆53Apr 8, 2022Updated 3 years ago
- Identify common attack paths to get Domain Administrator☆21Aug 20, 2019Updated 6 years ago
- C code to enable ETW tracing for Dotnet Assemblies☆32Aug 12, 2022Updated 3 years ago
- A post-exploitation strategy for persistence and egress from networks utilizing authenticated web proxies☆34Sep 15, 2022Updated 3 years ago
- A PoC project for embedding shellcode to Hint/Name Table☆113May 16, 2022Updated 3 years ago
- Using outlook COM objects to create convincing phishing emails without the user noticing. This project is meant for internal phishing.☆155Dec 22, 2020Updated 5 years ago
- ☆152Jan 6, 2023Updated 3 years ago
- A PoC to demo modifying cmdline of the child process dynamically. It might be useful against process log tracing, AV or EDR.☆41Dec 31, 2020Updated 5 years ago
- LSASS enumeration like pypykatz written in C-Lang☆20Dec 1, 2021Updated 4 years ago
- GhostLoader - AppDomainManager - Injection - 攻壳机动队☆53May 21, 2020Updated 5 years ago
- Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.☆85May 7, 2023Updated 2 years ago
- Beacon Object File Loader☆293Dec 3, 2023Updated 2 years ago
- POC of PPID spoofing using NtCreateUserProcess with syscalls to create a suspended process and performing process injection by overwritti…☆41Sep 23, 2021Updated 4 years ago
- Create file system symbolic links from low privileged user accounts within PowerShell☆95Jun 20, 2022Updated 3 years ago
- C# implementation of Shellcode delivery techniques using PInvoke and DInvoke variations for API calling.☆37Dec 20, 2021Updated 4 years ago
- YouTube/Livestream project for obfuscating C# source code using Roslyn☆129May 9, 2021Updated 4 years ago
- Hijack Printconfig.dll to execute shellcode☆100Jan 15, 2021Updated 5 years ago
- C# Based Universal API Unhooker - Automatically Unhook API Hives (ntdll.dll,kernel32.dll,user32.dll,and kernelbase.dll)☆25Mar 7, 2023Updated 2 years ago
- ☆81Feb 12, 2022Updated 4 years ago
- Universal Unhooking☆326Sep 19, 2018Updated 7 years ago
- Windows RPC example calling stubs generated from MS-LSAT and MS-LSAD☆28Jan 4, 2024Updated 2 years ago
- Slides and POC demo for my talk at Divizion Zero on EDR evasion titled "Evasion Adventures"☆31Jan 14, 2023Updated 3 years ago
- A BOF to interact with COM objects associated with the Windows software firewall.☆109Oct 10, 2021Updated 4 years ago
- XOrCryptEx lightweight C Utility/Algorithm☆11Mar 3, 2022Updated 3 years ago
- An example of how a driver can register a handle creation callback.☆16Jun 12, 2023Updated 2 years ago
- doesnt work and wont work on it anymore☆10Jul 8, 2024Updated last year
- Volatility 3 plugins to extract a module as complete as possible☆12Jun 13, 2023Updated 2 years ago
- ☆11Mar 19, 2019Updated 6 years ago
- ☆48Nov 18, 2020Updated 5 years ago
- Execute PowerShell code at the antimalware-light protection level.☆141Dec 13, 2022Updated 3 years ago
- ☆26Dec 29, 2021Updated 4 years ago
- Implementation of b4rtiks's SharpMiniDump using NTFS transactions to avoid writting the minidump to disk and exfiltrating it via HTTPS us…☆71Nov 14, 2020Updated 5 years ago
- IOXIDResolver from AirBus Security/PingCastle☆51Nov 25, 2020Updated 5 years ago
- Timestomp Tool to flatten MAC times with a specific timestamp☆49Dec 7, 2025Updated 2 months ago
- Aggressorscript that turns the headless aggressor client into a (mostly) functional cobalt strike client.☆147Sep 8, 2022Updated 3 years ago
- Dynamically invoke arbitrary unmanaged code from managed code without PInvoke.☆772Dec 21, 2022Updated 3 years ago
- Start new PowerShell without etw and amsi in pure nim☆157Feb 14, 2022Updated 4 years ago
- Load .net assemblies from memory while having them appear to be loaded from an on-disk location.☆173May 5, 2021Updated 4 years ago