plackyhacker / AMSI-Bypass

Related projects ⓘ

Alternatives and complementary repositories for AMSI-Bypass

• zimnyaa / fiber-stager
  A simple Nim stager (w/ fiber execution)
  ☆16Updated 2 years ago
• pwn1sher / RTImplant
  Just another casual shellcode native loader
  ☆24Updated 2 years ago
• zimnyaa / nim-noload-dll-hollowing
  Unused DLL hollowing PoC in Nim
  ☆16Updated 2 years ago
• rad9800 / BloatedHammer
  API Hammering with C++20
  ☆34Updated 2 years ago
• m8sec / EAPrimer
  C# project to Reflectively load .Net assemblies in memory
  ☆17Updated 5 months ago
• GetRektBoy724 / Breaking-Detecting-Direct-Syscall-Techniques
  A repository filled with ideas to break/detect direct syscall techniques
  ☆26Updated 2 years ago
• GetRektBoy724 / SharpLoadLibrary
  An attempt to make a LoadLibrary designed for offensive operations, in C# obviously.
  ☆53Updated 2 years ago
• mobdk / Sigma
  Execute shellcode with ZwCreateSection, ZwMapViewOfSection, ZwOpenProcess, ZwMapViewOfSection and ZwCreateThreadEx
  ☆14Updated 3 years ago
• GetRektBoy724 / SysGate
  One gate to all syscalls!
  ☆23Updated 2 years ago
• Octoberfest7 / Proxy_Egress_Persistence
  A post-exploitation strategy for persistence and egress from networks utilizing authenticated web proxies
  ☆32Updated 2 years ago
• fin3ss3g0d / HookFinder
  Simple PoC to locate hooked functions by EDR in ntdll.dll
  ☆32Updated last year
• synap5e / onefile_python
  Run python from a single exe
  ☆34Updated 2 years ago
• mgeeky / unhook-bof
  Remove API hooks from a Beacon process.
  ☆12Updated 3 years ago
• Allevon412 / BreadBear
  A PoC~ish of https://elastic.github.io/security-research/malware/2022/01/01.operation-bleeding-bear/article/
  ☆30Updated 8 months ago
• Octoberfest7 / Backstab_BOF
  Beacon Object File implementation of Yaxser's Backstab
  ☆14Updated 2 years ago
• G0ldenGunSec / DayBird
  Extension functionality for the NightHawk operator client
  ☆26Updated last year
• hackerhouse-opensource / envschtasksuacbypass
  Bypass UAC elevation on Windows 8 (build 9600) & above.
  ☆53Updated 2 years ago
• ps1337 / Lastenzug
  Socks4a proxy leveraging PIC, Websockets and static obfuscation on assembly level
  ☆25Updated 2 years ago
• passthehashbrowns / suspendedunhook
  ☆37Updated 3 years ago
• mobdk / Upsilon
  Upsilon execute shellcode with syscalls - no API like NtProtectVirtualMemory is used
  ☆92Updated 3 years ago
• tomcarver16 / SimpleInjector
  A simple injector that uses LoadLibraryA
  ☆16Updated 4 years ago
• Orange-Cyberdefense / EDRSnowblast
  This project is an EDRSandblast fork, adding some features and custom pieces of code.
  ☆21Updated last year
• passthehashbrowns / DInvokeProcessHollowing
  ☆26Updated 4 years ago
• zimawhit3 / DynimicGhostWriting
  Windows x64 Process Injection via Ghostwriting with Dynamic Configuration
  ☆27Updated 3 years ago
• klezVirus / LoGiC.NET
  A more advanced free and open .NET obfuscator using dnlib.
  ☆10Updated 2 years ago