A new AMSI Bypass technique using .NET ALI Call Hooking.
☆194Nov 15, 2022Updated 3 years ago
Alternatives and similar repositories for AmsiBypassHookManagedAPI
Users that are interested in AmsiBypassHookManagedAPI are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- A collection of various and sundry code snippets that leverage .NET dynamic tradecraft☆145May 18, 2024Updated last year
- Indirect Syscalls: HellsGate in Nim, but making sure that all syscalls go through NTDLL (as in RecycledGate).☆185Feb 12, 2023Updated 3 years ago
- Patching AmsiOpenSession by forcing an error branching☆154Aug 2, 2023Updated 2 years ago
- Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules, actions, and exclusion locations☆162Mar 1, 2024Updated 2 years ago
- Credential Guard Bypass Via Patching Wdigest Memory☆336Feb 3, 2023Updated 3 years ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- Threadless Process Injection using remote function hooking.☆808Sep 4, 2024Updated last year
- A Stealthy Lsass Dumper - can abuse ProcExp152.sys driver to dump PPL Lsass, no dbghelp.lib calls.☆327Jan 31, 2023Updated 3 years ago
- Proof of Concept code and samples presenting emerging threat of MSI installer files.☆91Dec 15, 2022Updated 3 years ago
- A string obfuscator for .NET apps, built to evade static string analysis.☆109Jan 3, 2023Updated 3 years ago
- Hookers are cooler than patches.☆170Jan 21, 2022Updated 4 years ago
- Unchain AMSI by patching the provider’s unmonitored memory space☆91Nov 24, 2022Updated 3 years ago
- C# havoc implant☆100Feb 12, 2023Updated 3 years ago
- A simple PE loader.☆27Dec 9, 2022Updated 3 years ago
- Running .NET from VBA☆148Feb 11, 2023Updated 3 years ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click and start building anything your business needs.
- DLL sideloading/proxying with Nim!☆173Dec 4, 2022Updated 3 years ago
- Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms☆137Dec 20, 2022Updated 3 years ago
- Infect Shared Files In Memory for Lateral Movement☆192Dec 14, 2022Updated 3 years ago
- Lifetime AMSI bypass☆673Sep 26, 2023Updated 2 years ago
- Fully modular persistence framework☆259Apr 10, 2023Updated 3 years ago
- ☆246Dec 16, 2022Updated 3 years ago
- Patch AMSI and ETW☆249May 8, 2024Updated last year
- A BOF to determine Windows Defender exclusions.☆256Jun 25, 2023Updated 2 years ago
- Performing Indirect Clean Syscalls☆607Apr 19, 2023Updated 2 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
- BOF implementation of @_EthicalChaos_'s ThreadlessInject project. A novel process injection technique with no thread creation, released a…☆395Jan 9, 2024Updated 2 years ago
- Execute unmanaged Windows executables in CobaltStrike Beacons☆717Mar 4, 2023Updated 3 years ago
- Load a dynamic library from memory by modifying the native Windows loader☆291Jun 18, 2025Updated 9 months ago
- Shellcode Loader with Indirect Dynamic syscall Implementation , shellcode in MAC format, API resolving from PEB, Syscall calll and syscal…☆322Aug 2, 2023Updated 2 years ago
- C# Based Universal API Unhooker☆409Feb 18, 2022Updated 4 years ago
- C# porting of SysWhispers2. It uses SharpASM to find the code caves for executing the system call stub.☆111Apr 14, 2023Updated 2 years ago
- Silence EDRs by removing kernel callbacks☆239Dec 7, 2020Updated 5 years ago
- ShellcodeFluctuation PoC ported to Nim☆79Oct 14, 2022Updated 3 years ago
- Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2☆186Jul 21, 2022Updated 3 years ago
- Wordpress hosting with auto-scaling on Cloudways • AdFully Managed hosting built for WordPress-powered businesses that need reliable, auto-scalable hosting. Cloudways SafeUpdates now available.
- ErebusGate for Nim Bypass AV/EDR☆160Nov 7, 2022Updated 3 years ago
- PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners.☆620Sep 26, 2023Updated 2 years ago
- ☆153Jan 6, 2023Updated 3 years ago
- Cobalt Strike BOF for quser.exe implementation using Windows API☆87Mar 22, 2023Updated 3 years ago
- C# Reflective loader for unmanaged binaries.��☆445Jan 25, 2023Updated 3 years ago
- A windows token impersonation tool☆322Apr 19, 2023Updated 2 years ago
- D/Invoke implementation in Nim☆100Jun 8, 2022Updated 3 years ago