tomcarver16 / AmsiHookView external linksLinks
AmsiHook is a project I created to figure out a bypass to AMSI via function hooking.
☆67Jun 14, 2020Updated 5 years ago
Alternatives and similar repositories for AmsiHook
Users that are interested in AmsiHook are comparing it to the libraries listed below
Sorting:
- A simple injector that uses LoadLibraryA☆18Jun 14, 2020Updated 5 years ago
- I used this to see if an EDR is running in Safe Mode☆36Feb 13, 2021Updated 5 years ago
- LoadLibrary for offensive operations☆33Dec 14, 2021Updated 4 years ago
- AmsiScanBufferBypass using D/Invoke☆136Jun 17, 2021Updated 4 years ago
- Sleep Obfuscation☆45Oct 13, 2022Updated 3 years ago
- RDPThief donut shellcode inject into mstsc☆88May 24, 2021Updated 4 years ago
- Hookers are cooler than patches.☆170Jan 21, 2022Updated 4 years ago
- nuke that event log using some epic dinvoke fu☆118May 12, 2021Updated 4 years ago
- leaking net-ntlm with webdav☆26Feb 23, 2021Updated 4 years ago
- Walking the PEB in VBA☆24Apr 6, 2020Updated 5 years ago
- C# version of MDSec's ParallelSyscalls☆141Jan 9, 2022Updated 4 years ago
- ☆39May 20, 2023Updated 2 years ago
- D/Invoke port of UrbanBishop☆108Jul 19, 2020Updated 5 years ago
- Patch AMSI and ETW☆250May 8, 2024Updated last year
- A repo to hold any bypasses I work on/study/whatever☆19Dec 30, 2020Updated 5 years ago
- Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load().☆218Mar 5, 2020Updated 5 years ago
- Collection of CobaltStrike beacon object files☆105Feb 14, 2022Updated 4 years ago
- Red Team oriented C# Simple HTTP & WebDAV Server with Net-NTLM hashes capture functionality☆289Jun 26, 2023Updated 2 years ago
- Reflective DLL loading of your favorite Golang program☆173Jan 27, 2020Updated 6 years ago
- Minimalist Custom .NET Core Garbage Collector☆23Jun 15, 2020Updated 5 years ago
- Shellcode runner in GO that incorporates shellcode encryption, remote process injection, block dlls, and spoofed parent process☆231Jul 30, 2020Updated 5 years ago
- Injects shellcode into remote processes using direct syscalls☆77Dec 30, 2020Updated 5 years ago
- UnhookMe is an universal Windows API resolver & unhooker addressing problem of invoking unmonitored system calls from within of your Red …☆349Jul 3, 2022Updated 3 years ago
- AMSI Bypass Via the Heap☆107Nov 20, 2020Updated 5 years ago
- C++ implementation of DOUBLEPULSAR usermode shellcode. Yet another Reflective DLL loader.☆31Nov 9, 2021Updated 4 years ago
- ☆48May 12, 2021Updated 4 years ago
- ☆21Jan 28, 2020Updated 6 years ago
- YouTube/Livestream project for obfuscating C# source code using Roslyn☆129May 9, 2021Updated 4 years ago
- ☆152Jan 6, 2023Updated 3 years ago
- Start new PowerShell without etw and amsi in pure nim☆157Feb 14, 2022Updated 4 years ago
- Load .net assemblies from memory while having them appear to be loaded from an on-disk location.☆173May 5, 2021Updated 4 years ago
- Disable Windows Defender Silently (ByPass TamperProtection & ByPass Trustednstaller)☆36Jul 31, 2020Updated 5 years ago
- adding a backdooruser using win32api☆80Sep 3, 2020Updated 5 years ago
- A crappy hook on SpAcceptLsaModeContext that prints incoming auth attempts. WIP☆37Jul 27, 2021Updated 4 years ago
- A meterpreter extension for applying hooks to avoid windows defender memory scans☆249Aug 13, 2020Updated 5 years ago
- A tool to enumerate and download files from the System Center Configuration Manager (SCCM) SMB share (SCCMContentLib)☆16Jul 27, 2024Updated last year
- A simple COM server which provides a component to run shellcode☆149May 12, 2020Updated 5 years ago
- CVE-2021-1675 (PrintNightmare)☆77Jul 5, 2021Updated 4 years ago
- BoobSnail allows generating Excel 4.0 XLM macro. Its purpose is to support the RedTeam and BlueTeam in XLM macro generation.☆259Mar 6, 2025Updated 11 months ago