tomcarver16 / AmsiHook

Related projects ⓘ

Alternatives and complementary repositories for AmsiHook

• slyd0g / SK8RAT
  C++ implant that interfaces with a SK8PARK server
  ☆47Updated 3 years ago
• EspressoCake / Firewall_Walker_BOF
  A BOF to interact with COM objects associated with the Windows software firewall.
  ☆100Updated 3 years ago
• mobdk / Upsilon
  Upsilon execute shellcode with syscalls - no API like NtProtectVirtualMemory is used
  ☆92Updated 3 years ago
• boku7 / halosgate-ps
  Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes
  ☆94Updated last year
• JohnWoodman / stealthInjector
  Injects shellcode into remote processes using direct syscalls
  ☆75Updated 3 years ago
• improsec / CaddyStager
  ☆35Updated 2 years ago
• cham423 / cs-tools
  cobalt strike tools
  ☆31Updated 3 years ago
• plackyhacker / Peruns-Fart
  Perun's Fart (Slavic God's Luck). Another method for unhooking AV and EDR, this is my C# version.
  ☆104Updated 2 years ago
• redteamertips / DinvokeDupetokenAndThreadSwitcheroo
  ☆24Updated 3 years ago
• xpn / AppProxyC2
  ☆66Updated 3 years ago
• S3cur3Th1sSh1t / RDPThiefInject
  RDPThief donut shellcode inject into mstsc
  ☆77Updated 3 years ago
• pwn1sher / CS-BOFs
  Collection of CobaltStrike beacon object files
  ☆99Updated 2 years ago
• airzero24 / WMIReg
  PoC to interact with local/remote registry hives through WMI
  ☆83Updated 4 years ago
• S3cur3Th1sSh1t / SharpOxidResolver
  IOXIDResolver from AirBus Security/PingCastle
  ☆45Updated 3 years ago
• netbiosX / GhostLoader
  GhostLoader - AppDomainManager - Injection - 攻壳机动队
  ☆51Updated 4 years ago
• S3cur3Th1sSh1t / SharpUnhooker
  C# Based Universal API Unhooker - Automatically Unhook API Hives (ntdll.dll,kernel32.dll,user32.dll,and kernelbase.dll)
  ☆21Updated last year
• RiccardoAncarani / BOFs
  Collection of Beacon Object Files (BOFs) for shells and lols
  ☆112Updated 3 years ago
• jsecu / CredManBOF
  ☆90Updated 3 years ago
• S3cur3Th1sSh1t / LDAP-Signing-Scanner
  A little scanner to check the LDAP Signing state
  ☆46Updated 3 years ago
• KINGSABRI / DotNetToJScriptMini
  A simplified version of DotNetToJScript to create a JScript file which loads a .NET v2 assembly from memory.
  ☆47Updated 3 years ago
• 0xB455 / AmsiBypass
  C# PoC implementation for bypassing AMSI via in memory patching
  ☆66Updated 4 years ago
• Cobalt-Strike / unhook-bof
  Remove API hooks from a Beacon process.
  ☆54Updated 2 years ago
• rmdavy / HeapsOfFun
  AMSI Bypass Via the Heap
  ☆105Updated 4 years ago
• aaaddress1 / xlsGen
  (PoC) Tiny Excel BIFF8 Generator, to Embedded 4.0 Macros in xls files without Excel.
  ☆42Updated 3 years ago
• tothi / SharpStay
  .NET project for installing Persistence
  ☆64Updated 2 years ago
• EspressoCake / HandleKatz_BOF
  A BOF port of the research of @thefLinkk and @codewhitesec
  ☆94Updated 3 years ago
• Aetsu / SLib
  SLib is a sandbox evasion library that implements some of the checks from https://evasions.checkpoint.com in C#
  ☆63Updated last year
• dtrizna / DInvoke_PoC
  Hardened Proof of Concept of D/Invoke Process Injection malware
  ☆40Updated 4 years ago