Alternatives and similar repositories for AmsiBypass123

Users that are interested in AmsiBypass123 are comparing it to the libraries listed below

• oldboy21 / CGPL

  View on GitHub
  Yet, Another Packer/Loader
  ☆25Feb 26, 2023Updated 2 years ago
• vifreex / AzShell

  View on GitHub
  Azure APIs enumeration and abuse
  ☆13Dec 20, 2024Updated last year
• x0reaxeax / SyscallHookBypass

  View on GitHub
  NTAPI hook bypass with (semi) legit stack trace
  ☆18May 9, 2023Updated 2 years ago
• Nariod / ronflex

  View on GitHub
  Attempts to suspend all known AV/EDRs processes on Windows using syscalls and the undocumented NtSuspendProcess API. Made with <3 for pen…
  ☆13May 11, 2023Updated 2 years ago
• florylsk / active-directory-hacktools

  View on GitHub
  Small collection of Active Directory pentesting tools.
  ☆32Jan 29, 2024Updated 2 years ago
• wsummerhill / Python-Crypter

  View on GitHub
  Custom Python shellcode encryptor and obfuscator
  ☆14Jul 31, 2025Updated 6 months ago
• Sh3lldon / Vulnerable-WinKern-Drivers

  View on GitHub
  Here you can find some vulnerable Windows Kernel Drivers
  ☆13Feb 21, 2025Updated 11 months ago
• x0reaxeax / SysCook64

  View on GitHub
  Indirect Syscall invocation via thread hijacking
  ☆26May 5, 2023Updated 2 years ago
• mis-team / rsockspipe

  View on GitHub
  Tool for pivoting over SMB pipes
  ☆16Jul 20, 2019Updated 6 years ago
• Hagrid29 / BOF-DCOMPotato-PrintNotify

  View on GitHub
  Cobalt Strike Beacon Object File (BOF) that obtain SYSTEM privilege with SeImpersonate privilege by passing a malicious IUnknwon object t…
  ☆96Mar 20, 2023Updated 2 years ago
• x0reaxeax / SilentWrite

  View on GitHub
  PoC arbitrary WPM without a process handle
  ☆21Jul 22, 2023Updated 2 years ago
• SilvestriF3 / Passworld

  View on GitHub
  Passworld is a fully customizable wordlist generator
  ☆16Sep 13, 2024Updated last year
• SafeBreach-Labs / CoWTools

  View on GitHub
  Tools for analyzing Windows containers and break container's isolation
  ☆32Aug 2, 2022Updated 3 years ago
• mgeeky / msi-shenanigans

  View on GitHub
  Proof of Concept code and samples presenting emerging threat of MSI installer files.
  ☆90Dec 15, 2022Updated 3 years ago
• SolomonSklash / TokenStealingDriver

  View on GitHub
  ☆22Jul 29, 2021Updated 4 years ago
• PShlyundin / TimeSync

  View on GitHub
  Tool to obtain hash using MS-SNTP for user accounts
  ☆28Jan 22, 2025Updated last year
• ChoiSG / GwisinMsi

  View on GitHub
  PoC MSI payload based on ASEC/AhnLab's blog post
  ☆25Sep 19, 2022Updated 3 years ago
• rasta-mouse / LibGate

  View on GitHub
  A Crystal Palace shared library to resolve & perform syscalls
  ☆56Oct 29, 2025Updated 3 months ago
• d4rkiZ / ProcOpen-PHP-Webshell

  View on GitHub
  Experience the power of a PHP webshell designed to overcome the limitations of blacklisted system/exec functions.
  ☆24Jul 14, 2024Updated last year
• AbdulRhmanAlfaifi / lnk_parser

  View on GitHub
  lnk_parser is a full rust implementation to parse windows LNK files
  ☆22Jul 12, 2025Updated 7 months ago
• ly4k / Impacket

  View on GitHub
  Modified version of Impacket to use dynamic NTLMv2 Challenge/Response
  ☆20Dec 26, 2022Updated 3 years ago
• tomcarver16 / Athena

  View on GitHub
  An injector that aims to be stealthy by using non suspicious API calls. Inspired by (https://github.com/FuzzySecurity/Sharp-Suite/tree/ma…
  ☆24Jun 17, 2020Updated 5 years ago
• scareing / UAC_wenpon

  View on GitHub
  UAC_wenpon
  ☆49Nov 25, 2021Updated 4 years ago
• Freakazoidile / Exploit_Dev

  View on GitHub
  Exploits, Exploits, Exploits and more Exploits!
  ☆33Nov 7, 2020Updated 5 years ago
• ProcessusT / UnhookingDLL

  View on GitHub
  This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hol…
  ☆71Feb 11, 2024Updated 2 years ago
• nick-frischkorn / SuspendEventLogBOF

  View on GitHub
  Beacon Object File to locate and suspend the threads hosting the Event Log service
  ☆29Jun 17, 2022Updated 3 years ago
• xalicex / Get-DLL-and-Function-Addresses

  View on GitHub
  GetModuleHandle (via PEB) and GetProcAddress (via EAT) like
  ☆32Feb 7, 2022Updated 4 years ago
• mis-team / rsockstun

  View on GitHub
  reverse socks tunneler with ntlm and proxy support
  ☆28Nov 24, 2019Updated 6 years ago
• d35ha / PEReflectiveInjection

  View on GitHub
  Remote PE reflective injection with a simple reflective loader
  ☆32Jun 28, 2019Updated 6 years ago
• y11en / babysc

  View on GitHub
  自用的shellcode生成框架
  ☆33Jul 5, 2023Updated 2 years ago
• GetRektBoy724 / ReversePowernoid

  View on GitHub
  Reverse TCP Powershell has never been this paranoid. (basically an Opsec-safe reverse powershell)
  ☆30Feb 4, 2022Updated 4 years ago
• C5Hackr / Segment-Encryption

  View on GitHub
  ☆29Oct 19, 2024Updated last year
• synacktiv / AMSI-Bypass

  View on GitHub
  Lists of AMSI triggers (VBA, JScript / VBScript)
  ☆33Jun 28, 2019Updated 6 years ago
• neex / tcp-over-http

  View on GitHub
  Shadowsocks-like proxy written in Go
  ☆37Dec 18, 2019Updated 6 years ago
• H4K6 / FilelessPELoader

  View on GitHub
  将PE文件进行AES加密，然后从远程拉取加载内存中实现免杀
  ☆37Mar 1, 2023Updated 2 years ago
• peiga / DumpThatLSASS

  View on GitHub
  Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk , plus functions and strings obfuscation
  ☆31Sep 24, 2022Updated 3 years ago
• knight0x07 / Lnk2Vbs

  View on GitHub
  A Python script that embeds Target VBS into LNK and when executed runs the VBS script from within.
  ☆33Dec 5, 2022Updated 3 years ago
• VirtualAlllocEx / Direct-Syscalls-vs-Indirect-Syscalls

  View on GitHub
  The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls
  ☆225Jan 20, 2024Updated 2 years ago
• theart42 / Sharpcat

  View on GitHub
  A port of classic netcat to C#
  ☆34Jan 21, 2023Updated 3 years ago