A collection of techniques, examples and a little bit of theory for manually obfuscating PowerShell scripts to achieve AV evasion, compiled for educational purposes. The contents of this repository are the result of personal research, including reading materials online and conducting trial-and-error attempts in labs and pentests.
☆1,186 · Jul 19, 2024 · Updated last year
Alternatives and similar repositories for PowerShell-Obfuscation-Bible
Users that are interested in PowerShell-Obfuscation-Bible are comparing it to the libraries listed below.
- A memory-based evasion technique which makes shellcode invisible from process start to end. ☆1,199 · Oct 16, 2023 · Updated 2 years ago
- Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality… ☆4,403 · May 21, 2025 · Updated last year
- Awesome EDR Bypass Resources For Ethical Hacking ☆1,535 · Jan 26, 2026 · Updated 5 months ago
- This map lists the essential techniques to bypass anti-virus and EDR ☆3,285 · Mar 28, 2025 · Updated last year
- Lifetime AMSI bypass ☆680 · Sep 26, 2023 · Updated 2 years ago
- Dominate Active Directory with PowerShell. ☆1,190 · Nov 28, 2025 · Updated 7 months ago
- An ADCS Exploitation Automation Tool Weaponizing Certipy and Coercer ☆749 · May 19, 2023 · Updated 3 years ago
- The Hunt for Malicious Strings ☆1,391 · May 13, 2025 · Updated last year
- Shellcode encryptor & obfuscator tool ☆1,027 · May 23, 2026 · Updated last month
- Automated DLL Sideloading Tool With EDR Evasion Capabilities ☆507 · Dec 19, 2023 · Updated 2 years ago
- This repo contains some AMSI bypass methods I found on different blog posts. ☆2,178 · Nov 28, 2024 · Updated last year
- A tool which bypasses AMSI (AntiMalware Scan Interface) and PowerShell CLM (Constrained Language Mode) and gives you a FullLanguage Power… ☆821 · Mar 28, 2025 · Updated last year
- Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes ☆1,061 · Jun 20, 2023 · Updated 3 years ago
- A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techni… ☆1,396 · Oct 27, 2023 · Updated 2 years ago
- .NET assembly loader with patchless AMSI and ETW bypass ☆386 · Apr 19, 2023 · Updated 3 years ago
- A tool to help operate in EDRs' blind spots ☆771 · Dec 2, 2024 · Updated last year
- C# obfuscator that bypasses Windows Defender ☆825 · Jun 4, 2023 · Updated 3 years ago
- Revenant - A 3rd party agent for Havoc that demonstrates evasion techniques in the context of a C2 framework ☆391 · Jul 30, 2024 · Updated last year
- Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird … ☆802 · Jan 26, 2026 · Updated 5 months ago
- Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods ☆1,476 · Aug 18, 2023 · Updated 2 years ago
- PoC module to demonstrate automated lateral movement with the Havoc C2 framework. ☆313 · Dec 9, 2023 · Updated 2 years ago
- ☆723 · Mar 22, 2024 · Updated 2 years ago
- Windows Local Privilege Escalation Cookbook ☆1,345 · Feb 5, 2026 · Updated 4 months ago
- ☆2,307 · Nov 24, 2023 · Updated 2 years ago
- Kill anti-malware protected processes (BYOVD) ☆983 · Jul 21, 2023 · Updated 2 years ago
- Killer is a super simple tool designed to bypass AV/EDR security tools using various evasive techniques and used by Patchwork group. ☆845 · Jul 2, 2024 · Updated 2 years ago
- This repo contains C/C++ snippets that can be handy in specific offensive scenarios. ☆767 · Jan 26, 2025 · Updated last year
- HVNC for Cobalt Strike ☆1,335 · Dec 7, 2023 · Updated 2 years ago
- A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell. ☆3,469 · Jan 19, 2025 · Updated last year
- EDR Lab for Experimentation Purposes ☆1,471 · Jun 10, 2026 · Updated 3 weeks ago
- AMSI bypass payload that works on Windows 11 ☆380 · Jul 30, 2023 · Updated 2 years ago
- Active Directory Auditing and Enumeration ☆536 · Jun 12, 2026 · Updated 3 weeks ago
- A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file form… ☆1,175 · Jun 10, 2024 · Updated 2 years ago
- Simple & Powerful PowerShell Script Obfuscator ☆596 · May 13, 2025 · Updated last year
- Lifetime AMSI bypass by @ZeroMemoryEx ported to .NET Framework 4.8 ☆352 · Aug 29, 2024 · Updated last year
- Lateral Movement Using DCOM and DLL Hijacking ☆327 · Jun 18, 2023 · Updated 3 years ago
- Simulate the behavior of AV/EDR for malware development training. ☆567 · Feb 15, 2024 · Updated 2 years ago
- The swiss army knife of LSASS dumping ☆2,123 · Sep 17, 2024 · Updated last year
- Spartacus DLL/COM Hijacking Toolkit ☆1,083 · Feb 1, 2024 · Updated 2 years ago