A collection of techniques, examples and a little bit of theory for manually obfuscating PowerShell scripts to achieve AV evasion, compiled for educational purposes. The contents of this repository are the result of personal research, including reading materials online and conducting trial-and-error attempts in labs and pentests.
☆1,166 · Jul 19, 2024 · Updated last year
Alternatives and similar repositories for PowerShell-Obfuscation-Bible
Users that are interested in PowerShell-Obfuscation-Bible are comparing it to the libraries listed below.
- A memory-based evasion technique which makes shellcode invisible from process start to end. ☆1,198 · Oct 16, 2023 · Updated 2 years ago
- Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality… ☆4,367 · May 21, 2025 · Updated 10 months ago
- Awesome EDR Bypass Resources For Ethical Hacking ☆1,514 · Jan 26, 2026 · Updated 2 months ago
- This map lists the essential techniques to bypass anti-virus and EDR ☆3,183 · Mar 28, 2025 · Updated last year
- Lifetime AMSI bypass ☆672 · Sep 26, 2023 · Updated 2 years ago
- Dominate Active Directory with PowerShell. ☆1,174 · Nov 28, 2025 · Updated 4 months ago
- An ADCS Exploitation Automation Tool Weaponizing Certipy and Coercer ☆742 · May 19, 2023 · Updated 2 years ago
- The Hunt for Malicious Strings ☆1,372 · May 13, 2025 · Updated 10 months ago
- Real fucking shellcode encryptor & obfuscator tool ☆1,018 · Jan 7, 2026 · Updated 3 months ago
- This repo contains some AMSI bypass methods I found on different blog posts. ☆2,142 · Nov 28, 2024 · Updated last year
- Automated DLL Sideloading Tool With EDR Evasion Capabilities ☆506 · Dec 19, 2023 · Updated 2 years ago
- A tool which bypasses AMSI (AntiMalware Scan Interface) and PowerShell CLM (Constrained Language Mode) and gives you a FullLanguage Power… ☆818 · Mar 28, 2025 · Updated last year
- A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techni… ☆1,375 · Oct 27, 2023 · Updated 2 years ago
- .NET assembly loader with patchless AMSI and ETW bypass ☆375 · Apr 19, 2023 · Updated 2 years ago
- Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes ☆1,050 · Jun 20, 2023 · Updated 2 years ago
- C# obfuscator that bypass windows defender ☆812 · Jun 4, 2023 · Updated 2 years ago
- a tool to help operate in EDRs' blind spots ☆769 · Dec 2, 2024 · Updated last year
- Revenant - A 3rd party agent for Havoc that demonstrates evasion techniques in the context of a C2 framework ☆388 · Jul 30, 2024 · Updated last year
- PoC module to demonstrate automated lateral movement with the Havoc C2 framework. ☆310 · Dec 9, 2023 · Updated 2 years ago
- Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird … ☆790 · Jan 26, 2026 · Updated 2 months ago
- ☆720 · Mar 22, 2024 · Updated 2 years ago
- Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods ☆1,473 · Aug 18, 2023 · Updated 2 years ago
- Windows Local Privilege Escalation Cookbook ☆1,295 · Feb 5, 2026 · Updated 2 months ago
- ☆2,227 · Nov 24, 2023 · Updated 2 years ago
- kill anti-malware protected processes (BYOVD) ☆973 · Jul 21, 2023 · Updated 2 years ago
- Killer is a super simple tool designed to bypass AV/EDR security tools using various evasive techniques and used by Patchwork group. ☆835 · Jul 2, 2024 · Updated last year
- HVNC for Cobalt Strike ☆1,314 · Dec 7, 2023 · Updated 2 years ago
- This repo contains C/C++ snippets that can be handy in specific offensive scenarios. ☆764 · Jan 26, 2025 · Updated last year
- EDR Lab for Experimentation Purposes ☆1,430 · Mar 1, 2026 · Updated last month
- A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell. ☆3,443 · Jan 19, 2025 · Updated last year
- Active Directory Auditing and Enumeration ☆523 · Mar 31, 2026 · Updated last week
- AMSI bypass payload that works on Windows 11 ☆379 · Jul 30, 2023 · Updated 2 years ago
- Simple & Powerful PowerShell Script Obfuscator ☆594 · May 13, 2025 · Updated 10 months ago
- A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file form… ☆1,126 · Jun 10, 2024 · Updated last year
- Lateral Movement Using DCOM and DLL Hijacking ☆325 · Jun 18, 2023 · Updated 2 years ago
- Simulate the behavior of AV/EDR for malware development training. ☆565 · Feb 15, 2024 · Updated 2 years ago
- Spartacus DLL/COM Hijacking Toolkit ☆1,077 · Feb 1, 2024 · Updated 2 years ago
- Dump NTDS with golden certificates and UnPAC the hash ☆646 · Mar 20, 2024 · Updated 2 years ago
- The swiss army knife of LSASS dumping ☆2,086 · Sep 17, 2024 · Updated last year