deepinstinct/AMSI-Unchained external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

deepinstinct/AMSI-Unchained

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/deepinstinct/AMSI-Unchained)

Close

deepinstinct / AMSI-UnchainedView on GitHubMore

• External links
• Readme badge

Unchain AMSI by patching the provider’s unmonitored memory space

☆91Nov 24, 2022Updated 3 years ago

Alternatives and similar repositories for AMSI-Unchained

Users that are interested in AMSI-Unchained are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• S3cur3Th1sSh1t / Nim_DInvoke

  View on GitHub
  D/Invoke implementation in Nim
  ☆100Jun 8, 2022Updated 3 years ago
• jfmaes / AmsiHooker

  View on GitHub
  Hookers are cooler than patches.
  ☆170Jan 21, 2022Updated 4 years ago
• cube0x0 / ParallelSyscalls

  View on GitHub
  C# version of MDSec's ParallelSyscalls
  ☆143Jan 9, 2022Updated 4 years ago
• codewhitesec / Lastenzug

  View on GitHub
  Socks4a proxy leveraging PIC, Websockets and static obfuscation on assembly level
  ☆234Oct 18, 2022Updated 3 years ago
• waawaa / AMSI_Rubeus_bypass

  View on GitHub
  ☆72Aug 2, 2022Updated 3 years ago
• Virtual machines for every use case on DigitalOcean • Ad
  Get dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
• GetRektBoy724 / SharpHalos

  View on GitHub
  My implementation of Halo's Gate technique in C#
  ☆54Apr 20, 2022Updated 3 years ago
• oXis / NimWinAPICustom

  View on GitHub
  Resolve WinAPI func. Custom GetProcAddress and GetModuleHandle written in Nim
  ☆32Jun 2, 2021Updated 4 years ago
• netbiosX / AMSI-Provider

  View on GitHub
  A fake AMSI Provider which can be used for persistence.
  ☆156May 16, 2021Updated 4 years ago
• GetRektBoy724 / SyscallShuffler

  View on GitHub
  Your NTDLL vaccine from modern direct syscall methods.
  ☆36Apr 5, 2022Updated 4 years ago
• frkngksl / NiCOFF

  View on GitHub
  COFF and BOF Loader written in Nim
  ☆173Updated this week
• zimnyaa / noWatch

  View on GitHub
  Implant drop-in for EDR testing
  ☆147Nov 15, 2023Updated 2 years ago
• jfmaes / Invoke-DLLClone

  View on GitHub
  Koppeling x Metatwin x LazySign
  ☆217Aug 26, 2021Updated 4 years ago
• netero1010 / Quser-BOF

  View on GitHub
  Cobalt Strike BOF for quser.exe implementation using Windows API
  ☆87Mar 22, 2023Updated 3 years ago
• aniqfakhrul / certifried.py

  View on GitHub
  ☆16May 20, 2022Updated 3 years ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click and start building anything your business needs.
• rad9800 / WTSRM2

  View on GitHub
  ☆164Dec 30, 2022Updated 3 years ago
• SaadAhla / D1rkSleep

  View on GitHub
  Improved version of EKKO by @5pider that Encrypts only Image Sections
  ☆125Feb 13, 2023Updated 3 years ago
• audibleblink / davil

  View on GitHub
  leaking net-ntlm with webdav
  ☆26Feb 23, 2021Updated 5 years ago
• Octoberfest7 / EventViewerUAC_BOF

  View on GitHub
  Beacon Object File implementation of Event Viewer deserialization UAC bypass
  ☆133May 6, 2022Updated 3 years ago
• rad9800 / misc

  View on GitHub
  miscellaneous scripts and programs
  ☆279Jan 23, 2025Updated last year
• LloydLabs / shellcode-plain-sight

  View on GitHub
  Hiding shellcode in plain sight within a large memory region. Inspired by technique used by Raspberry Robin's Roshtyak
  ☆211Nov 12, 2025Updated 4 months ago
• mgeeky / msi-shenanigans

  View on GitHub
  Proof of Concept code and samples presenting emerging threat of MSI installer files.
  ☆91Dec 15, 2022Updated 3 years ago
• whydee86 / SnD_AMSI

  View on GitHub
  Start new PowerShell without etw and amsi in pure nim
  ☆157Feb 14, 2022Updated 4 years ago
• eversinc33 / BouncyGate

  View on GitHub
  Indirect Syscalls: HellsGate in Nim, but making sure that all syscalls go through NTDLL (as in RecycledGate).
  ☆185Feb 12, 2023Updated 3 years ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click and start building anything your business needs.
• paranoidninja / Proxy-DLL-Loads

  View on GitHub
  The code is a pingback to the Dark Vortex blog:
  ☆186Jan 26, 2023Updated 3 years ago
• kyleavery / pendulum

  View on GitHub
  Linux Sleep Obfuscation
  ☆114Jan 7, 2024Updated 2 years ago
• klezVirus / SharpLdapRelayScan

  View on GitHub
  C# Port of LdapRelayScan
  ☆91Nov 26, 2025Updated 4 months ago
• klezVirus / NimlineWhispers3

  View on GitHub
  A tool for converting SysWhispers3 syscalls for use with Nim projects
  ☆148Jun 2, 2022Updated 3 years ago
• S3cur3Th1sSh1t / NimGetSyscallStub

  View on GitHub
  Get fresh Syscalls from a fresh ntdll.dll copy
  ☆234Jan 28, 2022Updated 4 years ago
• mdsecactivebreach / ParallelSyscalls

  View on GitHub
  ☆170Jan 7, 2022Updated 4 years ago
• CymulateResearch / Blindside

  View on GitHub
  Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms
  ☆137Dec 20, 2022Updated 3 years ago
• Mr-Un1k0d3r / AMSI-ETW-Patch

  View on GitHub
  Patch AMSI and ETW
  ☆249May 8, 2024Updated last year
• alfarom256 / StinkyLoader

  View on GitHub
  It stinks
  ☆103Apr 22, 2022Updated 3 years ago
• End-to-end encrypted cloud storage - Proton Drive • Ad
  Special offer: 40% Off Yearly / 80% Off First Month. Protect your most important files, photos, and documents from prying eyes.
• mdsecactivebreach / DragonCastle

  View on GitHub
  A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process.
  ☆303Oct 26, 2022Updated 3 years ago
• boku7 / patchwerk

  View on GitHub
  BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)
  ☆195Feb 6, 2025Updated last year
• soufianetahiri / CitrixSecureAccessAuthCookieDump

  View on GitHub
  Dump Citrix Secure Access auth cookie from the process memory
  ☆76Jun 24, 2022Updated 3 years ago
• VoldeSec / PatchlessCLRLoader

  View on GitHub
  .NET assembly loader with patchless AMSI and ETW bypass
  ☆375Apr 19, 2023Updated 2 years ago
• GetRektBoy724 / SharpLoadLibrary

  View on GitHub
  An attempt to make a LoadLibrary designed for offensive operations, in C# obviously.
  ☆55Mar 3, 2022Updated 4 years ago
• Henkru / cs-token-vault

  View on GitHub
  In-memory token vault BOF for Cobalt Strike
  ☆149Aug 18, 2022Updated 3 years ago
• thefLink / RecycledGate

  View on GitHub
  Hellsgate + Halosgate/Tartarosgate. Ensures that all systemcalls go through ntdll.dll
  ☆501Feb 3, 2022Updated 4 years ago