I have documented all of the AMSI patches that I learned till now
☆73Nov 4, 2025Updated 5 months ago
Alternatives and similar repositories for AMSI-patches-learned-till-now
Users that are interested in AMSI-patches-learned-till-now are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- BOF and C++ implementation of the Windows Defender sandboxing technique described by Elastic Security Labs/Gabriel Landau.☆25Jul 5, 2023Updated 2 years ago
- A C# tool to output crackable DPAPI hashes from user MasterKeys☆140Sep 14, 2024Updated last year
- This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret …☆263Apr 29, 2023Updated 2 years ago
- Patching AmsiOpenSession by forcing an error branching☆154Aug 2, 2023Updated 2 years ago
- A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (…☆180Feb 10, 2023Updated 3 years ago
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- ☆176Mar 27, 2023Updated 3 years ago
- Simple BOF to read the protection level of a process☆119May 10, 2023Updated 2 years ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.☆413Jan 11, 2026Updated 2 months ago
- A collection of various and sundry code snippets that leverage .NET dynamic tradecraft☆145May 18, 2024Updated last year
- freeBokuLoader fork which targets and frees Metsrv's initial reflective DLL package☆35Mar 28, 2023Updated 3 years ago
- Self delete DLL (2)☆14Feb 15, 2024Updated 2 years ago
- Lifetime AMSI bypass☆673Sep 26, 2023Updated 2 years ago
- Abuse Impersonate Privilege from Service to SYSTEM like other potatoes do☆402Feb 6, 2023Updated 3 years ago
- powershell script i wrote that can suspend an arbitrary process (with limits)☆22Mar 26, 2023Updated 3 years ago
- Managed Kubernetes at scale on DigitalOcean • AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- Abuse leaked token handles.☆136Dec 14, 2023Updated 2 years ago
- Dropping a powershell script at %HOMEPATH%\Documents\WindowsPowershell\ , that contains the implant's path , and whenever powershell pro…☆85Aug 2, 2023Updated 2 years ago
- A C# port from Invoke-GhostTask☆120Jan 5, 2024Updated 2 years ago
- BOF implementation of @_EthicalChaos_'s ThreadlessInject project. A novel process injection technique with no thread creation, released a…☆395Jan 9, 2024Updated 2 years ago
- Collection of Beacon Object Files (BOF) for Cobalt Strike☆683Aug 15, 2025Updated 7 months ago
- HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.☆720Jul 19, 2023Updated 2 years ago
- Utilizng an MCP Server to communicate with your C2☆89May 15, 2025Updated 10 months ago
- BOF with Synthetic Stackframe☆239Oct 30, 2025Updated 5 months ago
- This lightweight C# demo application showcases interactive remote shell access via named pipes and the SMB protocol.☆122Feb 21, 2025Updated last year
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
- ☆83Nov 1, 2023Updated 2 years ago
- Alternative Shellcode Execution Via Callbacks in C# with P/Invoke☆85Feb 26, 2023Updated 3 years ago
- The code is a pingback to the Dark Vortex blog:☆186Jan 26, 2023Updated 3 years ago
- A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk☆474Jul 6, 2024Updated last year
- Execute a payload at each right click on a file/folder in the explorer menu for persistence☆174Mar 15, 2023Updated 3 years ago
- A BOF that runs unmanaged PEs inline☆689Oct 23, 2024Updated last year
- The BackupOperatorToolkit contains different techniques allowing you to escalate from Backup Operator to Domain Admin☆180Feb 14, 2023Updated 3 years ago
- laZzzy is a shellcode loader, developed using different open-source libraries, that demonstrates different execution techniques.☆502Jan 10, 2023Updated 3 years ago
- ☆48Feb 11, 2023Updated 3 years ago
- End-to-end encrypted email - Proton Mail • AdSpecial offer: 40% Off Yearly / 80% Off First Month. All Proton services are open source and independently audited for security.
- Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature☆101Feb 28, 2023Updated 3 years ago
- Implementation of Advanced Module Stomping and Heap/Stack Encryption☆225Jul 25, 2023Updated 2 years ago
- ☆224Oct 22, 2023Updated 2 years ago
- ☆128Jun 28, 2023Updated 2 years ago
- Threadless Process Injection using remote function hooking.☆808Sep 4, 2024Updated last year
- different ntdll unhooking techniques : unhooking ntdll from disk, from KnownDlls, from suspended process, from remote server (fileless)☆204Aug 2, 2023Updated 2 years ago
- ETW based POC to identify direct and indirect syscalls☆189Apr 19, 2023Updated 2 years ago