backdoorskid / ClrAmsiScanPatcherLinks
Patches the AmsiScan function in clr.dll allowing for unrestricted assembly loading in .NET
☆37Updated last month
Alternatives and similar repositories for ClrAmsiScanPatcher
Users that are interested in ClrAmsiScanPatcher are comparing it to the libraries listed below
Sorting:
- Repository to gather the .NET malware I will be developing☆18Updated 2 months ago
- Shellcode Loader Utilizing ETW Events☆63Updated 3 months ago
- Indirect Syscall implementation to bypass userland NTAPIs hooking.☆73Updated 9 months ago
- ☆62Updated 4 months ago
- converts sRDI compatible dlls to shellcode☆29Updated 4 months ago
- early cascade injection PoC based on Outflanks blog post, in rust☆58Updated 6 months ago
- This is the combination of multiple evasion techniques to evade defenses. (Dirty Vanity)☆48Updated last year
- Proxy function calls through the thread pool with ease☆28Updated 3 months ago
- shell code example☆49Updated 3 weeks ago
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.☆61Updated last year
- API Hammering with C++20☆46Updated 2 years ago
- Your NTDLL vaccine from modern direct syscall methods.☆35Updated 3 years ago
- "D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system c…☆24Updated 8 months ago
- ☆86Updated 9 months ago
- Impersonate Tokens using only NTAPI functions☆73Updated 2 months ago
- PoC to self-delete a binary in C#☆33Updated last year
- Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.☆78Updated 3 months ago
- Bypassing Amsi using LdrLoadDll☆44Updated 4 months ago
- ☆55Updated 7 months ago
- Just another ntdll unhooking using Parun's Fart technique☆75Updated 2 years ago
- C# API for Nidhogg rootkit☆17Updated last year
- Cortex EDR Ransomware protection Bypass☆24Updated 3 months ago
- Execute dotnet app from unmanaged process☆75Updated 5 months ago
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials☆48Updated 3 weeks ago
- This technique leverages PowerShell's .NET interop layer and COM automation to achieve stealthy command execution by abusing implicit typ…☆39Updated 3 weeks ago
- a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless☆38Updated 10 months ago
- An Aggressor Script that utilizes NtCreateUserProcess to run binaries☆29Updated 4 months ago
- Shellcode loader using direct syscalls via Hell's Gate and payload encryption.☆89Updated 11 months ago
- Adaptive DLL hijacking / dynamic export forwarding - EAT preserve☆78Updated 10 months ago
- Windows NTLM hash dump utility written in C language, that supports Windows and Linux. Hashes can be dumped in realtime or from already s…☆62Updated last year