I have documented all of the AMSI patches that I learned till now
☆73Nov 4, 2025Updated 7 months ago
Alternatives and similar repositories for AMSI-patches-learned-till-now
Users that are interested in AMSI-patches-learned-till-now are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- BOF and C++ implementation of the Windows Defender sandboxing technique described by Elastic Security Labs/Gabriel Landau.☆25Jul 5, 2023Updated 2 years ago
- A C# tool to output crackable DPAPI hashes from user MasterKeys☆141Sep 14, 2024Updated last year
- This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret …☆267Apr 29, 2023Updated 3 years ago
- Patching AmsiOpenSession by forcing an error branching☆154Aug 2, 2023Updated 2 years ago
- A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (…☆179Feb 10, 2023Updated 3 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- Simple BOF to read the protection level of a process☆123May 10, 2023Updated 3 years ago
- ☆179Mar 27, 2023Updated 3 years ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.☆411Jan 11, 2026Updated 4 months ago
- A collection of various and sundry code snippets that leverage .NET dynamic tradecraft☆145May 18, 2024Updated 2 years ago
- freeBokuLoader fork which targets and frees Metsrv's initial reflective DLL package☆35Mar 28, 2023Updated 3 years ago
- Self delete DLL (2)☆14Feb 15, 2024Updated 2 years ago
- Lifetime AMSI bypass☆680Sep 26, 2023Updated 2 years ago
- Abuse Impersonate Privilege from Service to SYSTEM like other potatoes do☆406Feb 6, 2023Updated 3 years ago
- powershell script i wrote that can suspend an arbitrary process (with limits)☆22Mar 26, 2023Updated 3 years ago
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- Abuse leaked token handles.☆136Dec 14, 2023Updated 2 years ago
- Dropping a powershell script at %HOMEPATH%\Documents\WindowsPowershell\ , that contains the implant's path , and whenever powershell pro…☆85Aug 2, 2023Updated 2 years ago
- A C# port from Invoke-GhostTask☆121Jan 5, 2024Updated 2 years ago
- BOF implementation of @_EthicalChaos_'s ThreadlessInject project. A novel process injection technique with no thread creation, released a…☆400Jan 9, 2024Updated 2 years ago
- Collection of Beacon Object Files (BOF) for Cobalt Strike☆694Aug 15, 2025Updated 9 months ago
- HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.☆728Jul 19, 2023Updated 2 years ago
- This lightweight C# demo application showcases interactive remote shell access via named pipes and the SMB protocol.☆122Feb 21, 2025Updated last year
- ☆83Nov 1, 2023Updated 2 years ago
- Alternative Shellcode Execution Via Callbacks in C# with P/Invoke☆87Feb 26, 2023Updated 3 years ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- BOF with Synthetic Stackframe☆249Oct 30, 2025Updated 7 months ago
- The code is a pingback to the Dark Vortex blog:☆189Jan 26, 2023Updated 3 years ago
- A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk☆477Jul 6, 2024Updated last year
- Execute a payload at each right click on a file/folder in the explorer menu for persistence☆174Mar 15, 2023Updated 3 years ago
- Utilizng an MCP Server to communicate with your C2☆92May 15, 2025Updated last year
- A BOF that runs unmanaged PEs inline☆702Oct 23, 2024Updated last year
- The BackupOperatorToolkit contains different techniques allowing you to escalate from Backup Operator to Domain Admin☆181Feb 14, 2023Updated 3 years ago
- ☆48Feb 11, 2023Updated 3 years ago
- laZzzy is a shellcode loader, developed using different open-source libraries, that demonstrates different execution techniques.☆501Jan 10, 2023Updated 3 years ago
- Deploy open-source AI quickly and easily - Special Bonus Offer • AdRunpod Hub is built for open source. One-click deployment and autoscaling endpoints without provisioning your own infrastructure.
- Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature☆100Feb 28, 2023Updated 3 years ago
- Implementation of Advanced Module Stomping and Heap/Stack Encryption☆227Jul 25, 2023Updated 2 years ago
- ☆224Oct 22, 2023Updated 2 years ago
- ☆128Jun 28, 2023Updated 2 years ago
- Threadless Process Injection using remote function hooking.☆817Sep 4, 2024Updated last year
- different ntdll unhooking techniques : unhooking ntdll from disk, from KnownDlls, from suspended process, from remote server (fileless)☆204Aug 2, 2023Updated 2 years ago
- ETW based POC to identify direct and indirect syscalls☆197Apr 19, 2023Updated 3 years ago