pracsec/AmsiBypassHookManagedAPI external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

pracsec/AmsiBypassHookManagedAPI

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/pracsec/AmsiBypassHookManagedAPI)

Close

pracsec / AmsiBypassHookManagedAPIView on GitHubMore

• External links
• Readme badge

A new AMSI Bypass technique using .NET ALI Call Hooking.

☆194Nov 15, 2022Updated 3 years ago

Alternatives and similar repositories for AmsiBypassHookManagedAPI

Users that are interested in AmsiBypassHookManagedAPI are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• bohops / DynamicDotNet

  View on GitHub
  A collection of various and sundry code snippets that leverage .NET dynamic tradecraft
  ☆145May 18, 2024Updated 2 years ago
• eversinc33 / BouncyGate

  View on GitHub
  Indirect Syscalls: HellsGate in Nim, but making sure that all syscalls go through NTDLL (as in RecycledGate).
  ☆186Feb 12, 2023Updated 3 years ago
• SaadAhla / AMSI_patch

  View on GitHub
  Patching AmsiOpenSession by forcing an error branching
  ☆154Aug 2, 2023Updated 2 years ago
• mlcsec / ASRenum-BOF

  View on GitHub
  Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules, actions, and exclusion locations
  ☆163Mar 1, 2024Updated 2 years ago
• wh0amitz / BypassCredGuard

  View on GitHub
  Credential Guard Bypass Via Patching Wdigest Memory
  ☆338Feb 3, 2023Updated 3 years ago
• GPU virtual machines on DigitalOcean Gradient AI • Ad
  Get to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
• CCob / ThreadlessInject

  View on GitHub
  Threadless Process Injection using remote function hooking.
  ☆817Sep 4, 2024Updated last year
• OmriBaso / RToolZ

  View on GitHub
  A Stealthy Lsass Dumper - can abuse ProcExp152.sys driver to dump PPL Lsass, no dbghelp.lib calls.
  ☆328Jan 31, 2023Updated 3 years ago
• mgeeky / msi-shenanigans

  View on GitHub
  Proof of Concept code and samples presenting emerging threat of MSI installer files.
  ☆91Dec 15, 2022Updated 3 years ago
• dr4k0nia / MurkyStrings

  View on GitHub
  A string obfuscator for .NET apps, built to evade static string analysis.
  ☆109Jan 3, 2023Updated 3 years ago
• jfmaes / AmsiHooker

  View on GitHub
  Hookers are cooler than patches.
  ☆170Jan 21, 2022Updated 4 years ago
• deepinstinct / AMSI-Unchained

  View on GitHub
  Unchain AMSI by patching the provider’s unmonitored memory space
  ☆91Nov 24, 2022Updated 3 years ago
• LethalSnake1337 / PE-Loader-exercise

  View on GitHub
  A simple PE loader.
  ☆27Dec 9, 2022Updated 3 years ago
• med0x2e / vba2clr

  View on GitHub
  Running .NET from VBA
  ☆147Feb 11, 2023Updated 3 years ago
• susMdT / SharpAgent

  View on GitHub
  C# havoc implant
  ☆101Feb 12, 2023Updated 3 years ago
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• byt3bl33d3r / NimDllSideload

  View on GitHub
  DLL sideloading/proxying with Nim!
  ☆174Dec 4, 2022Updated 3 years ago
• CymulateResearch / Blindside

  View on GitHub
  Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms
  ☆140Dec 20, 2022Updated 3 years ago
• OccamsXor / Dragnmove

  View on GitHub
  Infect Shared Files In Memory for Lateral Movement
  ☆192Dec 14, 2022Updated 3 years ago
• ZeroMemoryEx / Amsi-Killer

  View on GitHub
  Lifetime AMSI bypass
  ☆676Sep 26, 2023Updated 2 years ago
• RedSiege / PersistAssist

  View on GitHub
  Fully modular persistence framework
  ☆259Apr 10, 2023Updated 3 years ago
• nettitude / ShellcodeMutator

  View on GitHub
  ☆246Dec 16, 2022Updated 3 years ago
• Mr-Un1k0d3r / AMSI-ETW-Patch

  View on GitHub
  Patch AMSI and ETW
  ☆252May 8, 2024Updated 2 years ago
• EspressoCake / Defender_Exclusions-BOF

  View on GitHub
  A BOF to determine Windows Defender exclusions.
  ☆256Jun 25, 2023Updated 2 years ago
• Maldev-Academy / HellHall

  View on GitHub
  Performing Indirect Clean Syscalls
  ☆612May 2, 2026Updated 2 weeks ago
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• iilegacyyii / ThreadlessInject-BOF

  View on GitHub
  BOF implementation of @_EthicalChaos_'s ThreadlessInject project. A novel process injection technique with no thread creation, released a…
  ☆400Jan 9, 2024Updated 2 years ago
• Octoberfest7 / Inline-Execute-PE

  View on GitHub
  Execute unmanaged Windows executables in CobaltStrike Beacons
  ☆721Mar 4, 2023Updated 3 years ago
• SaadAhla / D1rkLdr

  View on GitHub
  Shellcode Loader with Indirect Dynamic syscall Implementation , shellcode in MAC format, API resolving from PEB, Syscall calll and syscal…
  ☆323Aug 2, 2023Updated 2 years ago
• GetRektBoy724 / SharpUnhooker

  View on GitHub
  C# Based Universal API Unhooker
  ☆410Feb 18, 2022Updated 4 years ago
• SECFORCE / SharpWhispers

  View on GitHub
  C# porting of SysWhispers2. It uses SharpASM to find the code caves for executing the system call stub.
  ☆111Apr 14, 2023Updated 3 years ago
• EvanMcBroom / perfect-loader

  View on GitHub
  Load a dynamic library from memory by modifying the native Windows loader
  ☆301May 5, 2026Updated 2 weeks ago
• lawiet47 / STFUEDR

  View on GitHub
  Silence EDRs by removing kernel callbacks
  ☆239Dec 7, 2020Updated 5 years ago
• S3cur3Th1sSh1t / NimShellcodeFluctuation

  View on GitHub
  ShellcodeFluctuation PoC ported to Nim
  ☆79Oct 14, 2022Updated 3 years ago
• Sh0ckFR / InlineWhispers2

  View on GitHub
  Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2
  ☆186Jul 21, 2022Updated 3 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• Haunted-Banshee / ErebusGate

  View on GitHub
  ErebusGate for Nim Bypass AV/EDR
  ☆160Nov 7, 2022Updated 3 years ago
• Idov31 / Cronos

  View on GitHub
  PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners.
  ☆625Sep 26, 2023Updated 2 years ago
• nettitude / RunOF

  View on GitHub
  ☆153Jan 6, 2023Updated 3 years ago
• netero1010 / Quser-BOF

  View on GitHub
  Cobalt Strike BOF for quser.exe implementation using Windows API
  ☆87Mar 22, 2023Updated 3 years ago
• sensepost / impersonate

  View on GitHub
  A windows token impersonation tool
  ☆323Apr 19, 2023Updated 3 years ago
• nettitude / RunPE

  View on GitHub
  C# Reflective loader for unmanaged binaries.
  ☆448Jan 25, 2023Updated 3 years ago
• S3cur3Th1sSh1t / Nim_DInvoke

  View on GitHub
  D/Invoke implementation in Nim
  ☆101Jun 8, 2022Updated 3 years ago