A collection of techniques, examples and a little bit of theory for manually obfuscating PowerShell scripts to achieve AV evasion, compiled for educational purposes. The contents of this repository are the result of personal research, including reading materials online and conducting trial-and-error attempts in labs and pentests.
☆1,139Jul 19, 2024Updated last year
Alternatives and similar repositories for PowerShell-Obfuscation-Bible
Users that are interested in PowerShell-Obfuscation-Bible are comparing it to the libraries listed below
Sorting:
- A memory-based evasion technique which makes shellcode invisible from process start to end.☆1,198Oct 16, 2023Updated 2 years ago
- Lifetime AMSI bypass☆672Sep 26, 2023Updated 2 years ago
- This map lists the essential techniques to bypass anti-virus and EDR☆3,161Mar 28, 2025Updated 11 months ago
- Awesome EDR Bypass Resources For Ethical Hacking☆1,488Jan 26, 2026Updated last month
- Dominate Active Directory with PowerShell.☆1,164Nov 28, 2025Updated 3 months ago
- Automated DLL Sideloading Tool With EDR Evasion Capabilities☆503Dec 19, 2023Updated 2 years ago
- This repo contains some Amsi Bypass methods i found on different Blog Posts.☆2,132Nov 28, 2024Updated last year
- An ADCS Exploitation Automation Tool Weaponizing Certipy and Coercer☆738May 19, 2023Updated 2 years ago
- Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes☆1,040Jun 20, 2023Updated 2 years ago
- Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …☆776Jan 26, 2026Updated last month
- C# obfuscator that bypass windows defender☆803Jun 4, 2023Updated 2 years ago
- A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techni…☆1,370Oct 27, 2023Updated 2 years ago
- a tool to help operate in EDRs' blind spots☆767Dec 2, 2024Updated last year
- Real fucking shellcode encryptor & obfuscator tool☆1,011Jan 7, 2026Updated last month
- A tool which bypasses AMSI (AntiMalware Scan Interface) and PowerShell CLM (Constrained Language Mode) and gives you a FullLanguage Power…☆814Mar 28, 2025Updated 11 months ago
- kill anti-malware protected processes ( BYOVD )☆968Jul 21, 2023Updated 2 years ago
- .NET assembly loader with patchless AMSI and ETW bypass☆368Apr 19, 2023Updated 2 years ago
- ☆716Mar 22, 2024Updated last year
- This repo contains C/C++ snippets that can be handy in specific offensive scenarios.☆762Jan 26, 2025Updated last year
- The Hunt for Malicious Strings☆1,363May 13, 2025Updated 9 months ago
- Windows Local Privilege Escalation Cookbook☆1,277Feb 5, 2026Updated 3 weeks ago
- Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods☆1,470Aug 18, 2023Updated 2 years ago
- Revenant - A 3rd party agent for Havoc that demonstrates evasion techniques in the context of a C2 framework☆389Jul 30, 2024Updated last year
- DavRelayUp - a universal no-fix local privilege escalation in domain-joined windows workstations where LDAP signing is not enforced (the …☆568Jun 5, 2023Updated 2 years ago
- Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality…☆4,342May 21, 2025Updated 9 months ago
- Dump NTDS with golden certificates and UnPAC the hash☆647Mar 20, 2024Updated last year
- ☆2,202Nov 24, 2023Updated 2 years ago
- HVNC for Cobalt Strike☆1,298Dec 7, 2023Updated 2 years ago
- Killer is a super simple tool designed to bypass AV/EDR security tools using various evasive techniques and used by Patchwork group.☆833Jul 2, 2024Updated last year
- Multi-Packer wrapper letting us daisy-chain various packers, obfuscators and other Red Team oriented weaponry. Featured with artifacts wa…☆1,051Oct 14, 2025Updated 4 months ago
- PoCs and tools for investigation of Windows process execution techniques☆953Feb 2, 2026Updated last month
- A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file form…☆1,097Jun 10, 2024Updated last year
- PoC module to demonstrate automated lateral movement with the Havoc C2 framework.☆307Dec 9, 2023Updated 2 years ago
- Lifetime AMSI bypass by @ZeroMemoryEx ported to .NET Framework 4.8☆351Aug 29, 2024Updated last year
- Spartacus DLL/COM Hijacking Toolkit☆1,083Feb 1, 2024Updated 2 years ago
- A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other ob…☆483Oct 14, 2022Updated 3 years ago
- Active Directory Auditing and Enumeration☆517Dec 3, 2025Updated 3 months ago
- Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows…☆2,055Dec 11, 2024Updated last year
- ☆1,670Apr 14, 2025Updated 10 months ago