Template-Driven AV/EDR Evasion Framework
Updated Nov 3, 2023 - Assembly
Lifetime AMSI bypass
PowerShell Script Obfuscator
"AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS
JustEvadeBro, a cheat sheet which will aid you through AMSI/AV evasion & bypasses.
Two in one, patch lifetime PowerShell console, no more ETW and AMSI!
HTTP Server serving obfuscated PowerShell Scripts/Payloads
A proof of concept AMSI & ETW bypass using trampolines for hooking and modifying execution flow
Bypassing amsi.dll via memory patch, simple code!
Expeditus is a loader that executes shellcode on a target Windows system. It combines several offensive techniques in order to attempt to do this with some level of stealth.
This PowerShell script applies a memory patch to bypass the Antimalware Scan Interface (AMSI), allowing unrestricted execution of PowerShell commands.
Generate obfuscated PowerShell commands using XOR logic with random keys!
Repo containing PowerShell Download Cradles (oneliners)
Generator of techniques to evade AMSI in Windows. It uses random methods to generate code without signatures detectable by Windows Defender. Ideal for security research and AMSI bypass.
AMSI bypass in Go tested on 10.0.20348.0 Microsoft Windows NT 10.0.20348.0
Loads a C# binary in memory within PowerShell profile, patching AMSI + ETW.
VB macro for Word exploit
Patching AmsiOpenSession by forcing an error branching.