waawaa/AMSI_Rubeus_bypass external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

waawaa/AMSI_Rubeus_bypass

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/waawaa/AMSI_Rubeus_bypass)

Close

waawaa / AMSI_Rubeus_bypassView on GitHubMore

• External links
• Readme badge

☆72Aug 2, 2022Updated 3 years ago

Alternatives and similar repositories for AMSI_Rubeus_bypass

Users that are interested in AMSI_Rubeus_bypass are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• deepinstinct / AMSI-Unchained

  View on GitHub
  Unchain AMSI by patching the provider’s unmonitored memory space
  ☆91Nov 24, 2022Updated 3 years ago
• paranoidninja / DotNetTracer

  View on GitHub
  C code to enable ETW tracing for Dotnet Assemblies
  ☆32Aug 12, 2022Updated 3 years ago
• S3cur3Th1sSh1t / Nim_DInvoke

  View on GitHub
  D/Invoke implementation in Nim
  ☆100Jun 8, 2022Updated 3 years ago
• GetRektBoy724 / SharpHalos

  View on GitHub
  My implementation of Halo's Gate technique in C#
  ☆55Apr 20, 2022Updated 4 years ago
• GetRektBoy724 / HalosUnhooker

  View on GitHub
  Halos Gate-based NTAPI Unhooker
  ☆52Apr 21, 2022Updated 4 years ago
• AI Agents on DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• boku7 / xPipe

  View on GitHub
  Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions
  ☆97Mar 8, 2023Updated 3 years ago
• Dump-GUY / Get-PDInvokeImports

  View on GitHub
  Get-PDInvokeImports is tool (PowerShell module) which is able to perform automatic detection of P/Invoke, Dynamic P/Invoke and D/Invoke u…
  ☆53Apr 10, 2022Updated 4 years ago
• med0x2e / vba2clr

  View on GitHub
  Running .NET from VBA
  ☆148Feb 11, 2023Updated 3 years ago
• whydee86 / SnD_AMSI

  View on GitHub
  Start new PowerShell without etw and amsi in pure nim
  ☆157Feb 14, 2022Updated 4 years ago
• jfmaes / AmsiHooker

  View on GitHub
  Hookers are cooler than patches.
  ☆170Jan 21, 2022Updated 4 years ago
• alfarom256 / StinkyLoader

  View on GitHub
  It stinks
  ☆103Apr 22, 2022Updated 4 years ago
• sbasu7241 / HellsGate

  View on GitHub
  Rewrote HellsGate in C# for fun and learning
  ☆86Feb 10, 2022Updated 4 years ago
• plackyhacker / Peruns-Fart

  View on GitHub
  Perun's Fart (Slavic God's Luck). Another method for unhooking AV and EDR, this is my C# version.
  ☆116Dec 26, 2021Updated 4 years ago
• oXis / NimWinAPICustom

  View on GitHub
  Resolve WinAPI func. Custom GetProcAddress and GetModuleHandle written in Nim
  ☆33Jun 2, 2021Updated 4 years ago
• Managed Kubernetes at scale on DigitalOcean • Ad
  DigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
• Mr-Un1k0d3r / AMSI-ETW-Patch

  View on GitHub
  Patch AMSI and ETW
  ☆252May 8, 2024Updated 2 years ago
• exploitblizzard / Syscall-Example

  View on GitHub
  Using syscall to load shellcode, Evasion techniques
  ☆27Jul 18, 2021Updated 4 years ago
• Flangvik / RosFuscator

  View on GitHub
  YouTube/Livestream project for obfuscating C# source code using Roslyn
  ☆129May 9, 2021Updated 5 years ago
• fortra / CreateProcess

  View on GitHub
  A small PoC that creates processes in Windows
  ☆187Jun 6, 2024Updated last year
• frkngksl / NimicStack

  View on GitHub
  NimicStack is the pure Nim implementation of Call Stack Spoofing technique to mimic legitimate programs
  ☆95Apr 4, 2026Updated last month
• frkngksl / ParallelNimcalls

  View on GitHub
  Nim version of MDSec's Parallel Syscall PoC
  ☆125Apr 4, 2026Updated last month
• andreiverse / grc2

  View on GitHub
  grim reaper c2
  ☆348Nov 19, 2022Updated 3 years ago
• GetRektBoy724 / SharpUnhooker

  View on GitHub
  C# Based Universal API Unhooker
  ☆409Feb 18, 2022Updated 4 years ago
• t3hbb / citrixphishlet

  View on GitHub
  Citrix Phishlet
  ☆24Feb 2, 2021Updated 5 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• MzHmO / TGSThief

  View on GitHub
  My implementation of the GIUDA project in C++
  ☆189Jul 25, 2023Updated 2 years ago
• Signal-Labs / Hotpatching_PoC

  View on GitHub
  ☆23Mar 6, 2023Updated 3 years ago
• itm4n / PPLmedic

  View on GitHub
  Dump the memory of any PPL with a Userland exploit chain
  ☆352Mar 17, 2023Updated 3 years ago
• jsacco / PPL_Bypass

  View on GitHub
  ☆12Apr 7, 2022Updated 4 years ago
• rad9800 / WTSRM2

  View on GitHub
  ☆164Dec 30, 2022Updated 3 years ago
• RedTeamOperations / VEH-PoC

  View on GitHub
  ☆121Dec 23, 2022Updated 3 years ago
• BlackOfWorld / NtCreateUserProcess

  View on GitHub
  A small NtCreateUserProcess PoC that spawns a Command prompt.
  ☆106Apr 11, 2026Updated 3 weeks ago
• janoglezcampos / c_syscalls

  View on GitHub
  Single stub direct and indirect syscalling with runtime SSN resolving for windows.
  ☆141Sep 12, 2022Updated 3 years ago
• rad9800 / WTSRM

  View on GitHub
  WTSRM
  ☆216Aug 7, 2022Updated 3 years ago
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• WithSecureLabs / dotnet-gargoyle

  View on GitHub
  A spiritual .NET equivalent to the Gargoyle memory scanning evasion technique
  ☆52Dec 6, 2018Updated 7 years ago
• sailay1996 / CdpSvcLPE

  View on GitHub
  Windows Local Privilege Escalation via CdpSvc service (Writeable SYSTEM path Dll Hijacking)
  ☆256Sep 15, 2022Updated 3 years ago
• thefLink / DeepSleep

  View on GitHub
  A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC
  ☆379May 24, 2022Updated 3 years ago
• Hagrid29 / DuplicateDump

  View on GitHub
  Dumping LSASS with a duplicated handle from custom LSA plugin
  ☆206Feb 23, 2022Updated 4 years ago
• thefLink / RecycledGate

  View on GitHub
  Hellsgate + Halosgate/Tartarosgate. Ensures that all systemcalls go through ntdll.dll
  ☆503Feb 3, 2022Updated 4 years ago
• timwhitez / JmpUnhook

  View on GitHub
  Ntdll Unhooking POC
  ☆19Aug 12, 2022Updated 3 years ago
• zimnyaa / noWatch

  View on GitHub
  Implant drop-in for EDR testing
  ☆148Nov 15, 2023Updated 2 years ago