winsecurity/AMSI-Bypass-HWBP

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/winsecurity/AMSI-Bypass-HWBP)

winsecurity / AMSI-Bypass-HWBP

☆26

Alternatives and similar repositories for AMSI-Bypass-HWBP

Users that are interested in AMSI-Bypass-HWBP are comparing it to the libraries listed below

Sorting:

EvilBytecode / EvilByte-Remote-AMSI-Bypass
View on GitHub
Bypasses AMSI protection through remote memory patching and parsing technique.
☆54May 12, 2025Updated 9 months ago
Teach2Breach / hollow_rs
View on GitHub
A Rust PoC implementation of the Early Bird process hollowing technique, inspired by https://github.com/boku7/HOLLOW.
☆31Feb 7, 2025Updated last year
Teach2Breach / dll2shell
View on GitHub
converts sRDI compatible dlls to shellcode
☆35Jan 20, 2025Updated last year
kleiton0x00 / RtlHijack
View on GitHub
Alternative Read and Write primitives using Rtl* functions the unintended way.
☆79Aug 25, 2025Updated 6 months ago
Leo4j / PowerDACL
View on GitHub
A tool to abuse weak permissions of Active Directory Discretionary Access Control Lists (DACLs) and Access Control Entries (ACEs)
☆61Feb 4, 2026Updated last month
EvilBytecode / Ebyte-AMSI-ProxyInjector
View on GitHub
A lightweight tool that injects a custom assembly proxy into a target process to silently bypass AMSI scanning by redirecting AmsiScanBuf…
☆62May 16, 2025Updated 9 months ago
Teach2Breach / rpeloader
View on GitHub
use python on windows with full submodule support without installation
☆30Jan 23, 2025Updated last year
rtecCyberSec / RAITrigger
View on GitHub
Local SYSTEM auth trigger for relaying
☆169Jul 22, 2025Updated 7 months ago
The-Viper-One / Invoke-PassTheCert
View on GitHub
Pure PowerShell port of PassTheCert tool to authenticate to an LDAP/S server with a certificate through Schannel
☆59Apr 13, 2025Updated 10 months ago
jsecu / ModTask
View on GitHub
☆53Sep 23, 2025Updated 5 months ago
Leo4j / Invoke-SMBRemoting
View on GitHub
Interactive Shell and Command Execution over Named-Pipes (SMB) for Fileless lateral movement
☆181May 19, 2025Updated 9 months ago
MythicAgents / Xenon
View on GitHub
A Mythic agent for Windows written in C
☆158Feb 22, 2026Updated last week
hwbp / LazyHook
View on GitHub
Evade behavioral analysis by executing malicious code within trusted Microsoft call stacks, patchless hooking library IAT/EAT.
☆131Dec 8, 2025Updated 2 months ago
cfs0x / nightshade
View on GitHub
☆36Jul 1, 2025Updated 8 months ago
Faran-17 / Hellshazzard
View on GitHub
Indirect Syscall implementation to bypass userland NTAPIs hooking.
☆84Aug 13, 2024Updated last year
jborean93 / AmsiProvider
View on GitHub
Test AMSI Provider implementation in C#
☆42Dec 18, 2024Updated last year
NtDallas / OdinLdr
View on GitHub
Cobaltstrike Reflective Loader with Synthetic Stackframe
☆186Jan 17, 2026Updated last month
x0xr00t / sl0ppy-PrivescTaskCreator
View on GitHub
sl0ppy-PrivescTaskCreator.ps1
☆40Oct 8, 2025Updated 4 months ago
joaoviictorti / rustbof
View on GitHub
A Rust template for writing Beacon Object Files (BOFs)
☆100Feb 11, 2026Updated 3 weeks ago
almounah / superdeye
View on GitHub
Indirect Syscall with TartarusGate Approach in Go
☆135Jul 8, 2025Updated 7 months ago
HackingLZ / saas_enum
View on GitHub
Command-line tool for discovering SaaS platforms a company uses via DNS enumeration
☆38Jul 23, 2025Updated 7 months ago
affix / rusty-hollow
View on GitHub
Unix Process hollowing in rust
☆22Dec 16, 2024Updated last year
whokilleddb / funcshenanigans
View on GitHub
A bunch of shenanigans using functions, VEH and more
☆37Jun 8, 2025Updated 8 months ago
sysirq / fortios-auth-bypass-poc-CVE-2024-55591
View on GitHub
☆25Jan 23, 2025Updated last year
garrettfoster13 / ldap_bofs
View on GitHub
Random BOFs for LDAP tradecraft
☆74Sep 9, 2025Updated 5 months ago
redr0nin / CVE-2024-38143
View on GitHub
Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability
☆24Feb 5, 2025Updated last year
T1erno / bin2shellcode
View on GitHub
C++ tool and library for converting .bin files to shellcode in multiple output formats.
☆33Aug 18, 2025Updated 6 months ago
EvilBytecode / Ebyte-ETW-Redirector
View on GitHub
A lightweight tool that injects a custom assembly proxy into a target process to silently bypass ETW scanning by redirecting ETW calls to…
☆45Jun 1, 2025Updated 9 months ago
rasta-mouse / pwnlift
View on GitHub
Easy peasy file uploads
☆32Aug 29, 2025Updated 6 months ago
Teach2Breach / pool_party_rs
View on GitHub
remote process injections using pool party techniques
☆70Jun 29, 2025Updated 8 months ago
TheManticoreProject / DescribeNTSecurityDescriptor
View on GitHub
A cross-platform tool to parse and describe the contents of a raw ntSecurityDescriptor structure
☆47Oct 4, 2025Updated 5 months ago
VirtualSamuraii / flyphish
View on GitHub
Deploy a phishing infrastructure on the fly.
☆77Dec 21, 2024Updated last year
tehstoni / LexiCrypt
View on GitHub
Shellcode encryptor using a substitution cipher with a randomly generated key.
☆142Jan 18, 2025Updated last year
Teach2Breach / snapinject_rs
View on GitHub
A remote process injection using process snapshotting based on https://gitlab.com/ORCA000/snaploader , in rust. It creates a sacrificial …
☆50Jan 25, 2025Updated last year
ColeHouston / theHandler-BOF
View on GitHub
Dump protected process memory by using BYOVD to tamper with handle objects in the kernel.
☆38Aug 5, 2025Updated 7 months ago
nyxgeek / azure_survey_2025
View on GitHub
results of scraping OneDrive from February 2022 - March 2025
☆27Apr 29, 2025Updated 10 months ago
logangoins / Stifle
View on GitHub
.NET Post-Exploitation Utility for Abusing Strong Explicit Certificate Mappings in ADCS
☆150Feb 10, 2025Updated last year
Maldev-Academy / AlphabeticalPolyShellGen
View on GitHub
Generate an Alphabetical Polymorphic Shellcode
☆138Aug 19, 2025Updated 6 months ago
RedTeamPentesting / keycred
View on GitHub
Generate and Manage KeyCredentialLinks
☆248Jan 30, 2026Updated last month