cybersectroll/TrollAMSI external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

cybersectroll/TrollAMSI

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/cybersectroll/TrollAMSI)

Close

cybersectroll / TrollAMSIView on GitHubMore

• External links
• Readme badge

☆187Jun 14, 2025Updated 9 months ago

Alternatives and similar repositories for TrollAMSI

Users that are interested in TrollAMSI are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• cybersectroll / TrollUAC

  View on GitHub
  ☆143May 22, 2024Updated last year
• cybersectroll / TrollDump

  View on GitHub
  ☆84May 19, 2024Updated last year
• sexyiam / UAC-Bypass

  View on GitHub
  UAC Bypass via CMUACUtil & PEB Enumeration, Undetected for now.
  ☆52May 8, 2024Updated last year
• AlteredSecurity / Disable-TamperProtection

  View on GitHub
  A POC to disable TamperProtection and other Defender / MDE components
  ☆255Jun 6, 2024Updated last year
• ricardojoserf / TrickDump

  View on GitHub
  Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!
  ☆541May 9, 2025Updated 10 months ago
• vxCrypt0r / Voidgate

  View on GitHub
  A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfve…
  ☆592Jun 12, 2024Updated last year
• Offensive-Panda / LsassReflectDumping

  View on GitHub
  This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…
  ☆216Oct 19, 2024Updated last year
• ricardojoserf / NativeDump

  View on GitHub
  Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)
  ☆701May 7, 2025Updated 10 months ago
• cybersectroll / SharpPersistSD

  View on GitHub
  ☆91May 15, 2024Updated last year
• BlackSnufkin / NyxInvoke

  View on GitHub
  NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features. with Dual-bui…
  ☆234Feb 12, 2025Updated last year
• boku7 / patchwerk

  View on GitHub
  BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)
  ☆195Feb 6, 2025Updated last year
• sevagas / Advanced_Initial_access_in_2024_OffensiveX

  View on GitHub
  Resources linked to my presentation at OffensiveX in Athens in June 2024 on the topic "Breach the Gat, Advanced Initial Access in 2024"
  ☆147Aug 15, 2024Updated last year
• VoldeSec / PatchlessCLRLoader

  View on GitHub
  .NET assembly loader with patchless AMSI and ETW bypass
  ☆374Apr 19, 2023Updated 2 years ago
• decoder-it / ADCSCoercePotato

  View on GitHub
  ☆244May 5, 2024Updated last year
• Meowmycks / LetMeowIn

  View on GitHub
  A sophisticated, covert Windows-based credential dumper using C++ and MASM x64.
  ☆444Jul 8, 2024Updated last year
• CICADA8-Research / IHxExec

  View on GitHub
  Process injection alternative
  ☆407Sep 6, 2024Updated last year
• MayerDaniel / profiler-lateral-movement

  View on GitHub
  Lateral Movement via the .NET Profiler
  ☆100Nov 21, 2024Updated last year
• 0xsp-SRD / MDE_Enum

  View on GitHub
  comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti…
  ☆211Jun 10, 2024Updated last year
• rtecCyberSec / Packer_Development

  View on GitHub
  Slides & Code snippets for a workshop held @ x33fcon 2024
  ☆284Jun 15, 2024Updated last year
• NtDallas / OdinLdr

  View on GitHub
  Cobaltstrike Reflective Loader with Synthetic Stackframe
  ☆189Jan 17, 2026Updated 2 months ago
• FalconForceTeam / SOAPHound

  View on GitHub
  SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Dire…
  ☆866Feb 3, 2024Updated 2 years ago
• ricardojoserf / NativeBypassCredGuard

  View on GitHub
  Bypass Credential Guard by patching WDigest.dll using only NTAPI functions
  ☆268Apr 8, 2025Updated 11 months ago
• V-i-x-x / AMSI-WRITE-RAID-BYPASS

  View on GitHub
  "AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS
  ☆316Sep 30, 2025Updated 5 months ago
• ZephrFish / QoL-BOFs

  View on GitHub
  Curated list of public Beacon Object Files(BOFs) build in as submodules for easy cloning
  ☆138Dec 7, 2025Updated 3 months ago
• CICADA8-Research / RemoteKrbRelay

  View on GitHub
  Remote Kerberos Relay made easy! Advanced Kerberos Relay Framework
  ☆640May 8, 2025Updated 10 months ago
• Tylous / FaceDancer

  View on GitHub
  FaceDancer is an exploitation tool aimed at creating hijackable, proxy-based DLLs by taking advantage of COM-based system DLL image loadi…
  ☆407Sep 26, 2024Updated last year
• synacktiv / SCCMSecrets

  View on GitHub
  SCCMSecrets.py aims at exploiting SCCM policies distribution for credentials harvesting, initial access and lateral movement.
  ☆265Nov 22, 2025Updated 4 months ago
• 0xEr3bus / RdpStrike

  View on GitHub
  Positional Independent Code to extract clear text password from mstsc.exe using API Hooking via HWBP.
  ☆250Jun 11, 2024Updated last year
• KiExitDispatcher / Lifetime-Amsi-EtwPatch

  View on GitHub
  Two in one, patch lifetime powershell console, no more etw and amsi!
  ☆103Apr 27, 2025Updated 10 months ago
• REDMED-X / OperatorsKit

  View on GitHub
  Collection of Beacon Object Files (BOF) for Cobalt Strike
  ☆681Aug 15, 2025Updated 7 months ago
• NtDallas / Draugr

  View on GitHub
  BOF with Synthetic Stackframe
  ☆233Oct 30, 2025Updated 4 months ago
• logangoins / Stifle

  View on GitHub
  .NET Post-Exploitation Utility for Abusing Strong Explicit Certificate Mappings in ADCS
  ☆150Feb 10, 2025Updated last year
• Leo4j / Invoke-SessionHunter

  View on GitHub
  Retrieve and display information about active user sessions on remote computers. No admin privileges required.
  ☆209Aug 12, 2024Updated last year
• jsecu / ModTask

  View on GitHub
  ☆53Sep 23, 2025Updated 5 months ago
• mlcsec / EDRenum-BOF

  View on GitHub
  Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.
  ☆133Oct 4, 2024Updated last year
• NtDallas / KrakenMask

  View on GitHub
  Sleep obfuscation
  ☆271Dec 13, 2024Updated last year
• passthehashbrowns / VectoredExceptionHandling

  View on GitHub
  ☆108Aug 21, 2024Updated last year
• almounah / go-buena-clr

  View on GitHub
  Good CLR Host with Native patchless AMSI Bypass
  ☆106Apr 18, 2025Updated 11 months ago
• vxCrypt0r / AMSI_VEH

  View on GitHub
  A Powershell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f…
  ☆169May 30, 2024Updated last year