backdoorskid/ClrAmsiScanPatcher external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

backdoorskid/ClrAmsiScanPatcher

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/backdoorskid/ClrAmsiScanPatcher)

Close

backdoorskid / ClrAmsiScanPatcherView on GitHubMore

• External links
• Readme badge

Patches the AmsiScan function in clr.dll allowing for unrestricted assembly loading in .NET

☆54May 5, 2025Updated 11 months ago

Alternatives and similar repositories for ClrAmsiScanPatcher

Users that are interested in ClrAmsiScanPatcher are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• Teach2Breach / snapinject_rs

  View on GitHub
  A remote process injection using process snapshotting based on https://gitlab.com/ORCA000/snaploader , in rust. It creates a sacrificial …
  ☆50Jan 25, 2025Updated last year
• iilegacyyii / DataInject-BOF

  View on GitHub
  Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll
  ☆150Apr 18, 2025Updated 11 months ago
• ZephrFish / DynamicMSBuilder

  View on GitHub
  A Dynamic MSBuild task to help with minor obfuscation of C# Binaries to evade static signatures on each compilation
  ☆36Dec 7, 2025Updated 4 months ago
• almounah / go-buena-clr

  View on GitHub
  Good CLR Host with Native patchless AMSI Bypass
  ☆105Apr 18, 2025Updated 11 months ago
• T3nb3w / ComDotNetExploit

  View on GitHub
  A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and …
  ☆335Mar 6, 2025Updated last year
• Managed Database hosting by DigitalOcean • Ad
  PostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
• electroglyph / anti_defender

  View on GitHub
  A slightly more fun way to disable windows defender
  ☆51May 4, 2025Updated 11 months ago
• SafeBreach-Labs / EventLogin-CVE-2025-29969

  View on GitHub
  Exploitation of CVE-2025-29969
  ☆63Feb 20, 2026Updated last month
• andreisss / Living-off-the-COM-Type-Coercion-Abuse

  View on GitHub
  This technique leverages PowerShell's .NET interop layer and COM automation to achieve stealthy command execution by abusing implicit typ…
  ☆53May 16, 2025Updated 10 months ago
• Shrfnt77 / AmsiBypass

  View on GitHub
  Bypassing Amsi using LdrLoadDll
  ☆48Jan 8, 2025Updated last year
• JayGLXR / Rusty-Stardust

  View on GitHub
  A modern Rust implementation of the original Stardust project, providing a sophisticated 32/64-bit shellcode template that features posit…
  ☆61Mar 17, 2025Updated last year
• winsecurity / AMSI-Bypass-HWBP

  View on GitHub
  ☆26Aug 11, 2025Updated 8 months ago
• ColeHouston / theHandler-BOF

  View on GitHub
  Dump protected process memory by using BYOVD to tamper with handle objects in the kernel.
  ☆40Aug 5, 2025Updated 8 months ago
• tijme / nimplant-beacon-position-independent-c-code

  View on GitHub
  A truly Position Independent Code (PIC) NimPlant C2 beacon written in C, without reflective loading.
  ☆67Feb 11, 2025Updated last year
• fin3ss3g0d / StoneKeeper

  View on GitHub
  StoneKeeper C2, an experimental EDR evasion framework for research purposes
  ☆209Dec 25, 2024Updated last year
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• NoahKirchner / jopcall

  View on GitHub
  Dynamic Indirect Syscalls via JOP/ROP in Pure no_std, no_alloc, no dependency Rust
  ☆44Aug 6, 2025Updated 8 months ago
• 0xflux / Scil

  View on GitHub
  System Call Integrity Layer - experimental security research
  ☆25Updated this week
• dmcxblue / PyObscura

  View on GitHub
  A python script that automates a C2 Profile build
  ☆48Dec 14, 2025Updated 4 months ago
• 0xRedpoll / SignalKeyBOF

  View on GitHub
  BOF to decrypt Signal Desktop chat logs
  ☆70Feb 20, 2025Updated last year
• CICADA8-Research / Spyndicapped

  View on GitHub
  COM ViewLogger — new malware keylogging technique
  ☆407Jan 6, 2025Updated last year
• susMdT / SharpIndirectSyscalls

  View on GitHub
  ☆11Feb 12, 2023Updated 3 years ago
• aitorfirm / BlackIris

  View on GitHub
  Thats it! An Open-Source Windows UEFI Rootkit
  ☆29Jul 19, 2025Updated 8 months ago
• andreisss / Ghosting-AMSI

  View on GitHub
  Ghosting-AMSI
  ☆234Apr 24, 2025Updated 11 months ago
• dis0rder0x00 / ParentProcessManipulation-LNK

  View on GitHub
  Using LNK files and user input simulation to start processes under explorer.exe
  ☆34Sep 21, 2024Updated last year
• Managed Database hosting by DigitalOcean • Ad
  PostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
• 0xTriboulet / rssh-rs

  View on GitHub
  ☆55May 31, 2025Updated 10 months ago
• kr0tt / EarlyExceptionHandling

  View on GitHub
  Implementing an early exception handler for hooking and threadless process injection without relying on VEH or SEH
  ☆136Aug 31, 2025Updated 7 months ago
• nbaertsch / PoolProxy

  View on GitHub
  Proxy function calls through the thread pool with ease
  ☆31Feb 27, 2025Updated last year
• dobin / defender2yara

  View on GitHub
  Convert Microsoft Defender Antivirus Signatures (VDM) into a SQL DB
  ☆24Jun 27, 2025Updated 9 months ago
• rasta-mouse / process-inject-kit

  View on GitHub
  Port of Cobalt Strike's Process Inject Kit
  ☆193Dec 1, 2024Updated last year
• ricardojoserf / NativeBypassCredGuard

  View on GitHub
  Bypass Credential Guard by patching WDigest.dll using only NTAPI functions
  ☆269Apr 8, 2025Updated last year
• Octoberfest7 / enumhandles_BOF

  View on GitHub
  ☆127Sep 1, 2024Updated last year
• affix / rusty-hollow

  View on GitHub
  Unix Process hollowing in rust
  ☆22Dec 16, 2024Updated last year
• MpCmdRun / uac-bypass

  View on GitHub
  ATL.dll and WmiMgmt.msc UAC Bypass
  ☆13Apr 26, 2025Updated 11 months ago
• Wordpress hosting with auto-scaling - Free Trial • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• Fudgedotdotdot / nimpersonate

  View on GitHub
  Impersonate Windows tokens in Nim
  ☆23Aug 4, 2025Updated 8 months ago
• ly4k / Impacket

  View on GitHub
  Modified version of Impacket to use dynamic NTLMv2 Challenge/Response
  ☆20Dec 26, 2022Updated 3 years ago
• cbwang505 / FilesystemEoPDesktopSystemShell

  View on GitHub
  Folder Or File Delete to Get System Shell on Current Session Desktop
  ☆47Jan 14, 2025Updated last year
• xforcered / Being-A-Good-CLR-Host

  View on GitHub
  ☆138Jan 16, 2025Updated last year
• 0xTriboulet / Abomination

  View on GitHub
  A synergized Visual Studio and Rust development environment
  ☆19Jan 25, 2025Updated last year
• hwbp / LazyHook

  View on GitHub
  Evade behavioral analysis by executing malicious code within trusted Microsoft call stacks, patchless hooking library IAT/EAT.
  ☆136Dec 8, 2025Updated 4 months ago
• dr4ndrei / OHFFLdr

  View on GitHub
  One-header configurable C++20 COFF loader
  ☆19Jul 21, 2025Updated 8 months ago